Merge branch 'v2.0'

Xavier Guimard 2019-05-15 14:25:57 +02:00
commit bdc68d5833
65 changed files with 1312 additions and 261 deletions


@ -1,3 +1,40 @@
lemonldap-ng (2.0.4) bionic; urgency=medium
* Bugs:
* #1684: UI manager: boolean values do not appears in configuration forms with Yaml config format
* #1709: ViewDiff template not displayed
* #1710: Configuration keys not displayed in Viewer
* #1716: [Security:minor] Update jQuery
* #1720: Duplicate session opening when using multiple Kerberos instances in Combination
* #1724: CAS 1.0 /validate endpoint does not return username
* #1726: Deb package: missing dependency IO::String
* #1733: Invalid default crontab in RPM
* #1736: Configuration version in Manager is different from software version
* #1738: Error not well catched with Ext2F
* #1741: Deleted category is not detected as a change when saving conf.
* #1742: [Security: high] Setting tokenUseGlobalStorage allows unauthenticated users to access the portal (and applications without rules)
* #1743: [Security: low] register_token used for account creation can be used as a valid session identifier
* #1746: Impersonation does not work with double cookies authentication
* New features:
* #1146: Allow Handler to read OAuth2 access token instead of browser cookie
* #1722: [Security: improvement] PKCE to secure OIDC Authorization Code flow
* Improvements:
* #1703: Fix faulty headers on a null value
* #1711: Return Session ID when authentication is done via REST
* #1712: Display idpChoice cancel button only if AuthChoice is enabled
* #1713: CAS : Allow per application CAS login override
* #1714: Check logLevel value
* #1725: Allow unauthenticated clients on OIDC token endpoint
* #1728: Improve redirect page
* #1729: Display error if SAML service is enabled without private and public keys signature
* #1730: Sort real and spoofed attributes in CheckUser and Session explorer
* #1735: Highlight valid SSO sessions in sessions explorer
* #1739: Improve log in Grant Session plugin
-- Clément <clem.oudot@gmail.com> Sun, 12 May 2019 16:17:01 +0200
lemonldap-ng (2.0.3) bionic; urgency=medium
* Bugs:
@ -242,6 +279,20 @@ lemonldap-ng (2.0.0~alpha2) testing; urgency=low
lemonldap-ng (2.0.0~alpha1) testing; urgency=low
lemonldap-ng (1.9.19) oldstable; urgency=high
* Bugs:
* #1509: InactivityTimeout for applications don't work
* #1520: lemonldap-ng-cli adds a new item when deleting an item that does not exist.
* #1567: Captcha session id is too weak
* #1580: Error when saving in manager (mongoDB as ConfigurationBackend)
* #1662: id_token validity not correctly evaluated
* #1744: [Security: low] register_token used for account creation can be used as a valid session identifier
* Improvements:
* #1516: All IDP conf not usable if only one IDP misconfigured
* #1519: Cross domain authentication, ajax request and same origin policy
lemonldap-ng (1.9.18) stable; urgency=high
* #1479: App Category order - Cannot save

14
debian/changelog vendored

@ -1,3 +1,17 @@
lemonldap-ng (2.0.4-1) unstable; urgency=medium
* New release. See changes on our website:
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
-- Clement OUDOT <clement@oodo.net> Sun, 12 May 2019 16:00:00 +0100
lemonldap-ng (1.9.19-1) unstable; urgency=medium
* New release. See changes on our website:
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
-- Clement OUDOT <clement@oodo.net> Sun, 12 May 2019 12:00:00 +0100
lemonldap-ng (2.0.3-1) unstable; urgency=medium
* New release. See changes on our website:


@ -137,70 +137,73 @@ If none of above methods is available, you can try:
<td class="col0 centeralign"> <a href="applications/grr.html" class="media" title="documentation:2.0:applications:grr"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/grr.html" class="wikilink1" title="documentation:2.0:applications:grr">GRR</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row17 rowodd">
<td class="col0 centeralign"> <a href="applications/liferay.html" class="media" title="documentation:2.0:applications:liferay"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/liferay.html" class="wikilink1" title="documentation:2.0:applications:liferay">Liferay</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"></td>
<td class="col0 centeralign"> <a href="applications/guacamole.html" class="media" title="documentation:2.0:applications:guacamole"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/guacamole.html" class="wikilink1" title="documentation:2.0:applications:guacamole">Apache Guacamole</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4 centeralign"> </td><td class="col5 leftalign"> </td><td class="col6 centeralign"></td>
</tr>
<tr class="row18 roweven">
<td class="col0 centeralign"> <a href="applications/limesurvey.html" class="media" title="documentation:2.0:applications:limesurvey"><img src="icons/kmultiple.png" class="media" title="LimeSurvey" alt="LimeSurvey" width="120" /></a> </td><td class="col1 centeralign"> <a href="applications/limesurvey.html" class="wikilink1" title="documentation:2.0:applications:limesurvey">LimeSurvey</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"></td>
<td class="col0 centeralign"> <a href="applications/liferay.html" class="media" title="documentation:2.0:applications:liferay"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/liferay.html" class="wikilink1" title="documentation:2.0:applications:liferay">Liferay</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"></td>
</tr>
<tr class="row19 rowodd">
<td class="col0 centeralign"> <a href="applications/mediawiki.html" class="media" title="documentation:2.0:applications:mediawiki"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/mediawiki.html" class="wikilink1" title="documentation:2.0:applications:mediawiki">Mediawiki</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/limesurvey.html" class="media" title="documentation:2.0:applications:limesurvey"><img src="icons/kmultiple.png" class="media" title="LimeSurvey" alt="LimeSurvey" width="120" /></a> </td><td class="col1 centeralign"> <a href="applications/limesurvey.html" class="wikilink1" title="documentation:2.0:applications:limesurvey">LimeSurvey</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"></td>
</tr>
<tr class="row20 roweven">
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:2.0:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/nextcloud.html" class="wikilink1" title="documentation:2.0:applications:nextcloud">NextCloud</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/mediawiki.html" class="media" title="documentation:2.0:applications:mediawiki"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/mediawiki.html" class="wikilink1" title="documentation:2.0:applications:mediawiki">Mediawiki</a> </td><td class="col2 centeralign"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row21 rowodd">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:2.0:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/nextcloud.html" class="wikilink1" title="documentation:2.0:applications:nextcloud">NextCloud</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row22 roweven">
<td class="col0 centeralign"> <a href="applications/obm.html" class="media" title="documentation:2.0:applications:obm"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/obm.html" class="wikilink1" title="documentation:2.0:applications:obm">OBM</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row23 rowodd">
<td class="col0 centeralign"> <a href="applications/office365.html" class="media" title="documentation:2.0:applications:office365"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/office365.html" class="wikilink1" title="documentation:2.0:applications:office365">Office 365</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row24 roweven">
<td class="col0 centeralign"> <a href="applications/phpldapadmin.html" class="media" title="documentation:2.0:applications:phpldapadmin"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/phpldapadmin.html" class="wikilink1" title="documentation:2.0:applications:phpldapadmin">phpLDAPAdmin</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row25 rowodd">
<td class="col0 centeralign"> <a href="applications/roundcube.html" class="media" title="documentation:2.0:applications:roundcube"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/roundcube.html" class="wikilink1" title="documentation:2.0:applications:roundcube">Roundcube</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row26 roweven">
<td class="col0 centeralign"> <a href="applications/salesforce.html" class="media" title="documentation:2.0:applications:salesforce"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/salesforce.html" class="wikilink1" title="documentation:2.0:applications:salesforce">SalesForce</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row27 rowodd">
<td class="col0 centeralign"> <a href="applications/sap.html" class="media" title="documentation:2.0:applications:sap"><img src="icons/kmultiple.png" class="media" title="SAP" alt="SAP" /></a> </td><td class="col1 centeralign"> <a href="applications/sap.html" class="wikilink1" title="documentation:2.0:applications:sap">SAP</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row28 roweven">
<td class="col0 centeralign"> <a href="applications/simplesamlphp.html" class="media" title="documentation:2.0:applications:simplesamlphp"><img src="icons/kmultiple.png" class="media" alt="" width="200" /></a> </td><td class="col1 centeralign"> <a href="applications/simplesamlphp.html" class="wikilink1" title="documentation:2.0:applications:simplesamlphp">simpleSAMLphp</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row29 rowodd">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
<tr class="row23 rowodd">
<td class="col0 centeralign"> <a href="applications/obm.html" class="media" title="documentation:2.0:applications:obm"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/obm.html" class="wikilink1" title="documentation:2.0:applications:obm">OBM</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row24 roweven">
<td class="col0 centeralign"> <a href="applications/office365.html" class="media" title="documentation:2.0:applications:office365"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/office365.html" class="wikilink1" title="documentation:2.0:applications:office365">Office 365</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row25 rowodd">
<td class="col0 centeralign"> <a href="applications/phpldapadmin.html" class="media" title="documentation:2.0:applications:phpldapadmin"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/phpldapadmin.html" class="wikilink1" title="documentation:2.0:applications:phpldapadmin">phpLDAPAdmin</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row26 roweven">
<td class="col0 centeralign"> <a href="applications/roundcube.html" class="media" title="documentation:2.0:applications:roundcube"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/roundcube.html" class="wikilink1" title="documentation:2.0:applications:roundcube">Roundcube</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row27 rowodd">
<td class="col0 centeralign"> <a href="applications/salesforce.html" class="media" title="documentation:2.0:applications:salesforce"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/salesforce.html" class="wikilink1" title="documentation:2.0:applications:salesforce">SalesForce</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row28 roweven">
<td class="col0 centeralign"> <a href="applications/sap.html" class="media" title="documentation:2.0:applications:sap"><img src="icons/kmultiple.png" class="media" title="SAP" alt="SAP" /></a> </td><td class="col1 centeralign"> <a href="applications/sap.html" class="wikilink1" title="documentation:2.0:applications:sap">SAP</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row29 rowodd">
<td class="col0 centeralign"> <a href="applications/simplesamlphp.html" class="media" title="documentation:2.0:applications:simplesamlphp"><img src="icons/kmultiple.png" class="media" alt="" width="200" /></a> </td><td class="col1 centeralign"> <a href="applications/simplesamlphp.html" class="wikilink1" title="documentation:2.0:applications:simplesamlphp">simpleSAMLphp</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row30 roweven">
<td class="col0 centeralign"> <a href="applications/spring.html" class="media" title="documentation:2.0:applications:spring"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/spring.html" class="wikilink1" title="documentation:2.0:applications:spring">Spring</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
<tr class="row31 rowodd">
<td class="col0 centeralign"> <a href="applications/symfony.html" class="media" title="documentation:2.0:applications:symfony"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/symfony.html" class="wikilink1" title="documentation:2.0:applications:symfony">Symfony</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/spring.html" class="media" title="documentation:2.0:applications:spring"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/spring.html" class="wikilink1" title="documentation:2.0:applications:spring">Spring</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row32 roweven">
<td class="col0 centeralign"> <a href="applications/sympa.html" class="media" title="documentation:2.0:applications:sympa"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/sympa.html" class="wikilink1" title="documentation:2.0:applications:sympa">Sympa</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/symfony.html" class="media" title="documentation:2.0:applications:symfony"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/symfony.html" class="wikilink1" title="documentation:2.0:applications:symfony">Symfony</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row33 rowodd">
<td class="col0 centeralign"> <a href="applications/tomcat.html" class="media" title="documentation:2.0:applications:tomcat"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/tomcat.html" class="wikilink1" title="documentation:2.0:applications:tomcat">Tomcat</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/sympa.html" class="media" title="documentation:2.0:applications:sympa"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/sympa.html" class="wikilink1" title="documentation:2.0:applications:sympa">Sympa</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row34 roweven">
<td class="col0 centeralign"> <a href="applications/wordpress.html" class="media" title="documentation:2.0:applications:wordpress"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/wordpress.html" class="wikilink1" title="documentation:2.0:applications:wordpress">Wordpress</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4 centeralign"></td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/tomcat.html" class="media" title="documentation:2.0:applications:tomcat"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/tomcat.html" class="wikilink1" title="documentation:2.0:applications:tomcat">Tomcat</a> </td><td class="col2 centeralign"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row35 rowodd">
<td class="col0 centeralign"> <a href="applications/xwiki.html" class="media" title="documentation:2.0:applications:xwiki"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/xwiki.html" class="wikilink1" title="documentation:2.0:applications:xwiki">XWiki</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/wordpress.html" class="media" title="documentation:2.0:applications:wordpress"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/wordpress.html" class="wikilink1" title="documentation:2.0:applications:wordpress">Wordpress</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4 centeralign"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row36 roweven">
<td class="col0 centeralign"> <a href="applications/zimbra.html" class="media" title="documentation:2.0:applications:zimbra"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra</a> </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/xwiki.html" class="media" title="documentation:2.0:applications:xwiki"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/xwiki.html" class="wikilink1" title="documentation:2.0:applications:xwiki">XWiki</a> </td><td class="col2 centeralign"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row37 rowodd">
<td class="col0 centeralign"> <a href="applications/zimbra.html" class="media" title="documentation:2.0:applications:zimbra"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra</a> </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row38 roweven">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
</table></div>
<!-- EDIT4 TABLE [1223-5747] -->
<!-- EDIT4 TABLE [1223-5891] -->
</div>
<!-- EDIT3 SECTION "Application list" [1192-] --></div>
</body>


@ -135,9 +135,10 @@ Now configure all <abbr title="Security Assertion Markup Language">SAML</abbr> p
<li class="level1"><div class="li"> <strong>Change password <abbr title="Uniform Resource Locator">URL</abbr></strong>: where users can change their password. Example: <a href="http://auth.example.com" class="urlextern" title="http://auth.example.com" rel="nofollow">http://auth.example.com</a></div>
</li>
</ul>
<div class="noteimportant">You must check the option <code>Use a specific domain transmitter</code> to force Google Apps to send the full entityId.
</div>
<!-- EDIT4 SECTION "Google Apps control panel" [688-1671] -->
</div>
<!-- EDIT4 SECTION "Google Apps control panel" [688-1806] -->
<h3 class="sectionedit5" id="certificate">Certificate</h3>
<div class="level3">
@ -157,7 +158,7 @@ You can now the upload the certificate (<code>cert.pem</code>) on Google Apps.
<div class="notetip">You can also use the certificate instead of public key in <abbr title="Security Assertion Markup Language">SAML</abbr> metadata, see <a href="../samlservice.html#security_parameters" class="wikilink1" title="documentation:2.0:samlservice">SAML service configuration</a>
</div>
</div>
<!-- EDIT5 SECTION "Certificate" [1672-2407] -->
<!-- EDIT5 SECTION "Certificate" [1807-2542] -->
<h3 class="sectionedit6" id="new_service_provider">New Service Provider</h3>
<div class="level3">
@ -189,7 +190,7 @@ Now we will add Google Apps as a new <abbr title="Security Assertion Markup Lang
<div class="noteimportant">Change <strong>mydomain.org</strong> (in <code>AssertionConsumerService</code> markup, parameter <code>Location</code>) into your Google Apps domain. Also adapt your entityID to match the Assertion issuer: google.com/a/mydomain.org
</div>
</div>
<!-- EDIT6 SECTION "New Service Provider" [2408-3803] -->
<!-- EDIT6 SECTION "New Service Provider" [2543-3938] -->
<h3 class="sectionedit7" id="application_menu">Application menu</h3>
<div class="level3">
@ -209,7 +210,7 @@ You need to adapt some parameters:
<div class="noteimportant">Change <strong>mydomain.org</strong> into your Google Apps domain
</div>
</div>
<!-- EDIT7 SECTION "Application menu" [3804-4317] -->
<!-- EDIT7 SECTION "Application menu" [3939-4452] -->
<h3 class="sectionedit8" id="logout">Logout</h3>
<div class="level3">
@ -228,6 +229,6 @@ To manage the other way (<abbr title="LemonLDAP::NG">LL::NG</abbr> → Google Ap
<div class="noteimportant">Change <strong>mydomain.org</strong> into your Google Apps domain
</div>
</div>
<!-- EDIT8 SECTION "Logout" [4318-] --></div>
<!-- EDIT8 SECTION "Logout" [4453-] --></div>
</body>
</html>


@ -0,0 +1,152 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:guacamole</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,guacamole"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="guacamole.html"/>
<link rel="contents" href="guacamole.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:guacamole","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#pre-requisites">Pre-requisites</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#guacamole1">Guacamole</a></div></li>
<li class="level2"><div class="li"><a href="#llng">LL:NG</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="guacamole">Guacamole</h1>
<div class="level1">
<p>
<img src="guacamole.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Guacamole" [1-68] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://guacamole.apache.org/" class="urlextern" title="https://guacamole.apache.org/" rel="nofollow">Apache Guacamole</a> is a web-based remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
</p>
<p>
As of version 0.9.14, Guacamole can use <a href="../idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">OpenID Connect</a> , <a href="../idpcas.html" class="wikilink1" title="documentation:2.0:idpcas">CAS</a> or <a href="../writingrulesand_headers.html" class="wikilink1" title="documentation:2.0:writingrulesand_headers">HTTP Headers</a> as authentication sources through plug-ins.
</p>
<p>
This document explains how to implement OpenID Connect
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [69-493] -->
<h2 class="sectionedit3" id="pre-requisites">Pre-requisites</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Pre-requisites" [494-521] -->
<h3 class="sectionedit4" id="guacamole1">Guacamole</h3>
<div class="level3">
<p>
Refer to <a href="http://guacamole.apache.org/doc/gug/" class="urlextern" title="http://guacamole.apache.org/doc/gug/" rel="nofollow">the official Guacamole documentation</a> to install Guacamole, either manually or through Docker images
</p>
<p>
You need to be able to enable extensions. If you are using docker, you need to <a href="http://guacamole.apache.org/doc/gug/guacamole-docker.html#guacamole-docker-guacamole-home" class="urlextern" title="http://guacamole.apache.org/doc/gug/guacamole-docker.html#guacamole-docker-guacamole-home" rel="nofollow"> follow these instructions in order to provide your own extensions directory and Guacamole configuration file</a>
</p>
<p>
Your Guacamole configuration directory will look something like this.
</p>
<pre class="code">├── extensions
│   └── 00-guacamole-auth-openid-1.0.0.jar
└── guacamole.properties</pre>
<div class="notewarning">Make sure to rename the JAR in a way that <a href="https://lists.apache.org/thread.html/b781a5c4e4d14f7ce297200ba6886d888df4333f83836220ac8b69f1@%3Cuser.guacamole.apache.org%3E" class="urlextern" title="https://lists.apache.org/thread.html/b781a5c4e4d14f7ce297200ba6886d888df4333f83836220ac8b69f1@%3Cuser.guacamole.apache.org%3E" rel="nofollow">ensures that it will be loaded first</a>
</div>
<p>
And <code>guacamole.properties</code> should contain at least
</p>
<pre class="code">openid-authorization-endpoint: http://auth.example.com/oauth2/authorize
openid-jwks-endpoint: http://auth.example.com/oauth2/jwks
openid-issuer: http://auth.example.com
openid-client-id: guacamole
openid-redirect-uri: http://guacamole.example.com/guacamole/
openid-username-claim-type: sub</pre>
<div class="notetip">Remplace the <code>redirect uri</code> with your Guacamole server&#039;s <abbr title="Uniform Resource Locator">URL</abbr>
</div>
</div>
<!-- EDIT4 SECTION "Guacamole" [522-1843] -->
<h3 class="sectionedit5" id="llng">LL:NG</h3>
<div class="level3">
<p>
Make sure you have already <a href="../idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">enabled OpenID Connect</a> on your LemonLDAP::NG server
</p>
<p>
You also need to allow the <code>Implicit Flow</code> under <code>OpenID Connect Service</code> » <code>Security</code>
</p>
<p>
Then, add a Relaying Party with the following configuration
</p>
<ul>
<li class="level1"><div class="li"> Options » Authentification » Client ID : same as <code>openid-client-id</code> in <code>guacamole.properties</code></div>
</li>
<li class="level1"><div class="li"> Options » Allowed redirection address : same as <code>openid-redirect-uri</code> in <code>guacamole.properties</code></div>
</li>
<li class="level1"><div class="li"> Options » ID Token Signature Algorithm : <code>RS512</code></div>
</li>
</ul>
</div>
<!-- EDIT5 SECTION "LL:NG" [1844-] --></div>
</body>
</html>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=f5d398c4fc6f21e5e626ce5d49ffe634" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1554967327" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1557671456" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=f5d398c4fc6f21e5e626ce5d49ffe634" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1554967327" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1557671456" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:applications:zimbra</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,zimbra"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="zimbra.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authcas</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authcas"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcas.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authcombination</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authcombination"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcombination.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authgpg</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authgpg"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authgpg.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authopenidconnect</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authopenidconnect"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authopenidconnect.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authrest</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authrest"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authrest.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authsaml</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authsaml"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authsaml.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authssl</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authssl"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authssl.html"/>
@ -251,12 +251,12 @@ fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;</pre>
#index index.psgi;
location / {
try_files $uri $uri/ =404;
add_header Strict-Transport-Security max-age=15768000;
add_header Strict-Transport-Security &quot;max-age=15768000&quot;;
}
}</pre>
</div>
<!-- EDIT6 SECTION "With Nginx" [2685-4318] -->
<!-- EDIT6 SECTION "With Nginx" [2685-4320] -->
<h3 class="sectionedit7" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</h3>
<div class="level3">
@ -276,7 +276,7 @@ Then, go in <code>SSL parameters</code>:
</ul>
</div>
<!-- EDIT7 SECTION "Configuration of LemonLDAP::NG" [4319-4744] -->
<!-- EDIT7 SECTION "Configuration of LemonLDAP::NG" [4321-4746] -->
<h3 class="sectionedit8" id="auto_reloading_ssl_certificates">Auto reloading SSL Certificates</h3>
<div class="level3">
@ -384,7 +384,7 @@ $('.enteteBouton').click( function (e) {
<div class="notewarning">It is incompatible with authentication combination because of Apache parameter “SSLVerifyClient”, which must have the value “require”. To enable SSL with <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">Combination</a>, use <a href="#ssl_by_ajax" title="documentation:2.0:authssl ↵" class="wikilink1">SSL by Ajax</a>
</div>
</div>
<!-- EDIT8 SECTION "Auto reloading SSL Certificates" [4745-8008] -->
<!-- EDIT8 SECTION "Auto reloading SSL Certificates" [4747-8010] -->
<h2 class="sectionedit9" id="ssl_by_ajax">SSL by Ajax</h2>
<div class="level2">
@ -427,6 +427,6 @@ and set :
</div>
</div>
<!-- EDIT9 SECTION "SSL by Ajax" [8009-] --></div>
<!-- EDIT9 SECTION "SSL by Ajax" [8011-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:browseablesessionbackend</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,browseablesessionbackend"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="browseablesessionbackend.html"/>
@ -92,7 +92,7 @@ The following table list fields to index depending on the feature you want to in
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> Database cleaup <em>(cron)</em> </td><td class="col1 centeralign"> _session_kind _utime </td>
<td class="col0"> Database cleanup <em>(cron)</em> </td><td class="col1 centeralign"> _session_kind _utime </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> Session explorer </td><td class="col1 centeralign"> _session_kind ipAddr <em>WHATTOTRACE</em> </td>
@ -106,8 +106,11 @@ The following table list fields to index depending on the feature you want to in
<tr class="row5 rowodd">
<td class="col0"> Password reset by email </td><td class="col1 centeralign"> user </td>
</tr>
<tr class="row6 roweven">
<td class="col0"> <abbr title="Security Assertion Markup Language">SAML</abbr> Session </td><td class="col1 centeralign"> _saml_id </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [871-1199] -->
<!-- EDIT3 TABLE [871-1230] -->
<p>
See Apache::Session::Browseable::* man page to see how use indexes.
</p>
@ -116,7 +119,7 @@ See Apache::Session::Browseable::* man page to see how use indexes.
</div><div class="noteclassic">Documentation below explains how set index on ipAddr and _whatToTrace. Adapt it to configure the index you need.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [43-1722] -->
<!-- EDIT2 SECTION "Presentation" [43-1753] -->
<h2 class="sectionedit4" id="browseable_nosql">Browseable NoSQL</h2>
<div class="level2">
@ -143,15 +146,15 @@ You then just have to add the <code>Index</code> parameter in <code>General par
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [2010-2167] -->
<!-- EDIT5 TABLE [2041-2198] -->
</div>
<!-- EDIT4 SECTION "Browseable NoSQL" [1723-2168] -->
<!-- EDIT4 SECTION "Browseable NoSQL" [1754-2199] -->
<h2 class="sectionedit6" id="browseable_sql">Browseable SQL</h2>
<div class="level2">
<div class="noteclassic">This documentation concerns PostgreSQL. Some adaptations are needed with other databases.
</div>
</div>
<!-- EDIT6 SECTION "Browseable SQL" [2169-2300] -->
<!-- EDIT6 SECTION "Browseable SQL" [2200-2331] -->
<h3 class="sectionedit7" id="prepare_database">Prepare database</h3>
<div class="level3">
@ -185,7 +188,7 @@ CREATE INDEX ip1 ON sessions USING BTREE (ipAddr);</pre>
<div class="notetip">With new Apache::Session::Browseable::<strong>PgHstore</strong> and <strong>PgJSON</strong>, you don&#039;t need to declare indexes in <code>CREATE TABLE</code> since “json” and “hstore” type are browseable. You should anyway add some indexes <em>(see manpage)</em>.
</div>
</div>
<!-- EDIT7 SECTION "Prepare database" [2301-3935] -->
<!-- EDIT7 SECTION "Prepare database" [2332-3966] -->
<h3 class="sectionedit8" id="manager">Manager</h3>
<div class="level3">
@ -214,14 +217,14 @@ Go in the Manager and set the session module (<a href="https://metacpan.org/pod/
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr _session_kind _utime </td>
</tr>
</table></div>
<!-- EDIT9 TABLE [4258-4603] --><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks so performances are keeped.
<!-- EDIT9 TABLE [4289-4634] --><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks so performances are keeped.
<p>
For databases like PostgreSQL, don&#039;t forget to add “Commit” with a value of 1
</p>
</div>
</div>
<!-- EDIT8 SECTION "Manager" [3936-4782] -->
<!-- EDIT8 SECTION "Manager" [3967-4813] -->
<h2 class="sectionedit10" id="browseable_ldap">Browseable LDAP</h2>
<div class="level2">
@ -275,9 +278,9 @@ You need to add the <code>Index</code> field and can also configure the <code>ld
<td class="col0 centeralign"> <strong>ldapAttributeIndex</strong> </td><td class="col1"> Attribute storing index </td><td class="col2"> ou </td>
</tr>
</table></div>
<!-- EDIT11 TABLE [5134-5868] -->
<!-- EDIT11 TABLE [5165-5899] -->
</div>
<!-- EDIT10 SECTION "Browseable LDAP" [4783-5869] -->
<!-- EDIT10 SECTION "Browseable LDAP" [4814-5900] -->
<h2 class="sectionedit12" id="security">Security</h2>
<div class="level2">
@ -290,7 +293,7 @@ You can also use different user/password for your servers by overriding paramete
</p>
</div>
<!-- EDIT12 SECTION "Security" [5870-6089] -->
<!-- EDIT12 SECTION "Security" [5901-6120] -->
<h2 class="sectionedit13" id="performances">Performances</h2>
<div class="level2">
@ -332,6 +335,6 @@ CREATE INDEX _u1 ON sessions (_utime);
CREATE INDEX ip1 ON sessions (ipAddr) USING BTREE;</pre>
</div>
<!-- EDIT13 SECTION "Performances" [6090-] --></div>
<!-- EDIT13 SECTION "Performances" [6121-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:contribute</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,contribute"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="contribute.html"/>



@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/dos?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/dos?do=login&amp;sectok=f5d398c4fc6f21e5e626ce5d49ffe634" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Ados&amp;1554967384" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Ados&amp;1557671508" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/exploit?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/exploit?do=login&amp;sectok=f5d398c4fc6f21e5e626ce5d49ffe634" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aexploit&amp;1554967384" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aexploit&amp;1557671508" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:external2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,external2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="external2f.html"/>
@ -43,6 +43,23 @@
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#commands">Commands</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#selinux_note">SELinux note</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="external_second_factor">External Second Factor</h1>
<div class="level1">
@ -84,6 +101,27 @@ All parameters are configured in “General Parameters » Portal Parameters » E
</ul>
<div class="noteimportant">The command line is split in an array and launched with exec(). So you don&#039;t need to enclose arguments in “” and this feature protects your system against shell injection. However, you can not use any space except to separate arguments.
</div>
</div>
<h4 id="selinux_note">SELinux note</h4>
<div class="level4">
<p>
If your server is enforcing SELinux policies, make sure your external script has a label that is allowed to be executed by <code>httpd</code>.
</p>
<p>
For example, storing your script in <code>/usr/local/bin/</code> will give it a <code>bin_t</code> label that will work correctly.
</p>
<p>
If your script has a <code>httpd_sys_script_exec_t</code> type, it will only be able to do external network requests if the SELinux boolean <code>httpd_can_network_connect</code> is enabled.
</p>
<p>
If your script has any other label, it will probably not work at all.
</p>
</div>
<!-- EDIT3 SECTION "Configuration" [477-] --></div>
</body>


@ -0,0 +1,87 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:grantsession</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,grantsession"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="grantsession.html"/>
<link rel="contents" href="grantsession.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:grantsession","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="grant_session">Grant Session</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "Grant Session" [1-29] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
The goal of this plugin is to evaluate different conditions before allowing a user to open a session on the portal. When a condition is not met, then the user is prompted with a customized message.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [30-254] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
This plugin is enabled by default.
</p>
<p>
To configure rules, go in <code>General Parameters</code> &gt; <code>Sessions</code> &gt; <code>Opening conditions</code>.
</p>
<p>
You can then create rules with these fields:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Comment</strong>: a label for your rule, than can be used to order it (rules are evaluated by alphabetical order).</div>
</li>
<li class="level1"><div class="li"> <strong>Rule</strong>: The condition that will be evaluated. If this condition does not return true, then the session is refused.</div>
</li>
<li class="level1"><div class="li"> <strong>Message</strong>: The message that will be displayed. That message can contain session data as user attributes or macros.</div>
</li>
</ul>
</div>
<!-- EDIT3 SECTION "Configuration" [255-] --></div>
</body>
</html>


@ -68,23 +68,23 @@ Handlers are build on rows of modules:
<div class="table sectionedit3"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign" colspan="2"> Platform </th><th class="col2 centeralign" rowspan="2"> Wrapper </th><th class="col3 centeralign" rowspan="2"> Types </th><th class="col4 centeralign" rowspan="2"> Main </th>
<th class="col0 centeralign" rowspan="2"> Usage </th><th class="col1 centeralign" colspan="2"> Platform </th><th class="col3 centeralign" rowspan="2"> Wrapper </th><th class="col4 centeralign" rowspan="2"> Types </th><th class="col5 centeralign" rowspan="2"> Main </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Applications </th><th class="col1 centeralign"> Launchers </th>
</tr>
</thead>
<tr class="row2 roweven">
<td class="col0"> </td><td class="col1 centeralign"> ApacheMP2 </td><td class="col2 centeralign"> ApacheMP2::&lt;type&gt; </td><td class="col3 centeralign" rowspan="3"> Lib::&lt;type&gt; </td><td class="col4 centeralign" rowspan="3"> Main </td>
<td class="col0 centeralign"> Apache2 protection </td><td class="col1"> </td><td class="col2 centeralign"> ApacheMP2 </td><td class="col3 centeralign"> ApacheMP2::&lt;type&gt; </td><td class="col4 centeralign" rowspan="3"> Lib::&lt;type&gt; </td><td class="col5 centeralign" rowspan="3"> Main </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign" colspan="2"> Server </td><td class="col2 centeralign"> Server::&lt;type&gt; </td>
<td class="col0 centeralign"> Plack servers protection or Nginx/<a href="ssoaas.html" class="wikilink1" title="documentation:2.0:ssoaas">SSOaaS</a> FastCGI/uWSGI server </td><td class="col1 centeralign" colspan="2"> Server </td><td class="col3 centeralign"> Server::&lt;type&gt; </td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign" colspan="2"> PSGI </td><td class="col2 centeralign"> PSGI::&lt;type&gt; </td>
<td class="col0 centeralign"> <a href="selfmadeapplication.html#perl_auto-protected_cgi" class="wikilink1" title="documentation:2.0:selfmadeapplication">Self protected applications</a> </td><td class="col1 centeralign" colspan="2"> PSGI </td><td class="col3 centeralign"> PSGI::&lt;type&gt; </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [508-766] -->
<!-- EDIT3 TABLE [508-957] -->
<p>
Types are:
</p>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:handlerauthbasic</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,handlerauthbasic"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="handlerauthbasic.html"/>


@ -65,14 +65,12 @@
</div>
<!-- TOC END -->
<p>
AS server
</p>
<h1 class="sectionedit1" id="cas_server">CAS server</h1>
<div class="level1">
</div>
<h2 class="sectionedit1" id="presentation">Presentation</h2>
<!-- EDIT1 SECTION "CAS server" [1-26] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
@ -90,13 +88,13 @@ AS server
</p>
</div>
<!-- EDIT1 SECTION "Presentation" [19-389] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<!-- EDIT2 SECTION "Presentation" [27-397] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT2 SECTION "Configuration" [390-416] -->
<h3 class="sectionedit3" id="enabling_cas">Enabling CAS</h3>
<!-- EDIT3 SECTION "Configuration" [398-424] -->
<h3 class="sectionedit4" id="enabling_cas">Enabling CAS</h3>
<div class="level3">
<p>
@ -115,15 +113,15 @@ In the Manager, go in <code>General Parameters</code> » <code>Issuer modules</c
</div>
</div>
<!-- EDIT3 SECTION "Enabling CAS" [417-858] -->
<h3 class="sectionedit4" id="configuring_the_cas_service">Configuring the CAS Service</h3>
<!-- EDIT4 SECTION "Enabling CAS" [425-866] -->
<h3 class="sectionedit5" id="configuring_the_cas_service">Configuring the CAS Service</h3>
<div class="level3">
<p>
Then go in <code><abbr title="Central Authentication Service">CAS</abbr> Service</code> to define:
</p>
<ul>
<li class="level1"><div class="li"> <strong><abbr title="Central Authentication Service">CAS</abbr> login</strong>: the session key transmitted to <abbr title="Central Authentication Service">CAS</abbr> client as the main identifier (<abbr title="Central Authentication Service">CAS</abbr> Principal)</div>
<li class="level1"><div class="li"> <strong><abbr title="Central Authentication Service">CAS</abbr> login</strong>: the session key transmitted to <abbr title="Central Authentication Service">CAS</abbr> client as the main identifier (<abbr title="Central Authentication Service">CAS</abbr> Principal). This setting can be overriden per-application.</div>
</li>
<li class="level1"><div class="li"> <strong><abbr title="Central Authentication Service">CAS</abbr> attributes</strong>: list of attributes that will be transmitted by default in the validate response. Keys are the name of attribute in the <abbr title="Central Authentication Service">CAS</abbr> response, values are the name of session key. </div>
</li>
@ -143,8 +141,8 @@ Then go in <code><abbr title="Central Authentication Service">CAS</abbr> Service
<div class="notetip">If <code><abbr title="Central Authentication Service">CAS</abbr> login</code> is not set, it uses <code>General Parameters</code> » <code>Logs</code> » <code>REMOTE_USER</code> data, which is set to <code>uid</code> by default
</div>
</div>
<!-- EDIT4 SECTION "Configuring the CAS Service" [859-2141] -->
<h3 class="sectionedit5" id="configuring_cas_applications">Configuring CAS Applications</h3>
<!-- EDIT5 SECTION "Configuring the CAS Service" [867-2197] -->
<h3 class="sectionedit6" id="configuring_cas_applications">Configuring CAS Applications</h3>
<div class="level3">
<p>
@ -166,6 +164,8 @@ You can then access the configuration of this application.
<ul>
<li class="level1"><div class="li"> <strong>Service <abbr title="Uniform Resource Locator">URL</abbr></strong> : the service (user-facing) <abbr title="Uniform Resource Locator">URL</abbr> of the <abbr title="Central Authentication Service">CAS</abbr>-enabled application.</div>
</li>
<li class="level1"><div class="li"> <strong>User attribute</strong> : session field that will be used as main identifier.</div>
</li>
<li class="level1"><div class="li"> <strong>Rule</strong> : The access control rule to enforce on this application. If left blank, access will be allowed for everyone.</div>
</li>
</ul>
@ -185,6 +185,6 @@ The attributes defined here will completely replace any attributes you may have
</p>
</div>
<!-- EDIT5 SECTION "Configuring CAS Applications" [2142-] --></div>
<!-- EDIT6 SECTION "Configuring CAS Applications" [2198-] --></div>
</body>
</html>


@ -108,15 +108,21 @@ As an OP, <abbr title="LemonLDAP::NG">LL::NG</abbr> supports a lot of OpenID Con
</li>
<li class="level1"><div class="li"> Session management</div>
</li>
<li class="level1"><div class="li"> FrontChannel Logout</div>
</li>
<li class="level1"><div class="li"> BackChannel Logout</div>
</li>
<li class="level1"><div class="li"> PKCE (Since <code>2.0.4</code>)</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [40-922] -->
<!-- EDIT2 SECTION "Presentation" [40-996] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [923-949] -->
<!-- EDIT3 SECTION "Configuration" [997-1023] -->
<h3 class="sectionedit4" id="openid_connect_service">OpenID Connect Service</h3>
<div class="level3">
@ -125,7 +131,7 @@ See <a href="openidconnectservice.html" class="wikilink1" title="documentation:2
</p>
</div>
<!-- EDIT4 SECTION "OpenID Connect Service" [950-1059] -->
<!-- EDIT4 SECTION "OpenID Connect Service" [1024-1133] -->
<h3 class="sectionedit5" id="issuerdb">IssuerDB</h3>
<div class="level3">
@ -145,7 +151,7 @@ Go in <code>General Parameters</code> » <code>Issuer modules</code> » <code>Op
</div>
</div>
<!-- EDIT5 SECTION "IssuerDB" [1060-1490] -->
<!-- EDIT5 SECTION "IssuerDB" [1134-1564] -->
<h3 class="sectionedit6" id="configuration_of_llng_in_relying_party">Configuration of LL::NG in Relying Party</h3>
<div class="level3">
@ -227,7 +233,7 @@ An example of its content:
<span class="br0">&#125;</span></pre>
</div>
<!-- EDIT6 SECTION "Configuration of LL::NG in Relying Party" [1491-3469] -->
<!-- EDIT6 SECTION "Configuration of LL::NG in Relying Party" [1565-3543] -->
<h3 class="sectionedit7" id="configuration_of_relying_party_in_llng">Configuration of Relying Party in LL::NG</h3>
<div class="level3">
@ -372,6 +378,10 @@ You can also define extra claims and link them to attributes (see below). Then y
</li>
<li class="level2"><div class="li"> <strong>Client secret</strong>: Client secret for this RP (can be use for symmetric signature)</div>
</li>
<li class="level2"><div class="li"> <strong>Public client</strong> (since version <code>2.0.4</code>): set this RP as public client, so authentication is not needed on token endpoint</div>
</li>
<li class="level2"><div class="li"> <strong>Require PKCE</strong> (since version <code>2.0.4</code>): a code challenge is required at token endpoint (see <a href="https://tools.ietf.org/html/rfc7636" class="urlextern" title="https://tools.ietf.org/html/rfc7636" rel="nofollow">RFC7636</a>)</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong>Display</strong>:</div>
@ -382,7 +392,7 @@ You can also define extra claims and link them to attributes (see below). Then y
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong>User attribute</strong>: session field that with be used as main identifier (<code>sub</code>)</div>
<li class="level1"><div class="li"> <strong>User attribute</strong>: session field that will be used as main identifier (<code>sub</code>)</div>
</li>
<li class="level1"><div class="li"> <strong>ID Token signature algorithm</strong>: Select one of <code>none</code>, <code>HS256</code>, <code>HS384</code>, <code>HS512</code>, <code>RS256</code>, <code>RS384</code>, <code>RS512</code></div>
</li>
@ -406,6 +416,6 @@ Associate attributes to extra claims if the RP request them, for example <code>b
</p>
</div>
<!-- EDIT7 SECTION "Configuration of Relying Party in LL::NG" [3470-] --></div>
<!-- EDIT7 SECTION "Configuration of Relying Party in LL::NG" [3544-] --></div>
</body>
</html>


@ -79,18 +79,26 @@ Just enable it in the Manager (section “plugins”) by setting a rule. Imperso
</ul>
<div class="notewarning">You HAVE TO modify <strong>REMOTE_USER</strong> to log both real AND spoofed uid.
<p>
Set a macro like this : <code> _whatToTrace -&gt; $real__user ? &quot;$real__user/$_user&quot; : $_user </code>
Set a macro like this :
</p>
<p>
<code> _whatToTrace -&gt; $real__user ? &quot;$real__user / $_user&quot; : $_user / $_user </code>
</p>
<p>
and set <code>Genaral Parameters &gt; Logs &gt; REMOTE_USER</code> with <code> _whatToTrace </code>
</p>
</div><div class="noteimportant">Both spoofed and real profile attributes can be used to set access rules, groups or macros.
</div><div class="noteimportant">Both spoofed and real session attributes can be used to set access rules, groups or macros.
<p>
By example : <code>$real_uid eq &#039;dwho</code>&#039; or <code>$real_groups =~ /\bsu\b/</code>
</p>
<p>
Keep in mind that real session is computed first. Afterward, if access is granted, impersonated session is computed with real and spoofed session attributes if Impersonation is allowed.
</p>
</div><div class="noteimportant">By example, to prevent impersonation with &#039;dwho&#039; set <strong>Identities use rule</strong> like :
<p>
<code> $uid ne &#039;dwho&#039; </code>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/mitm?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/mitm?do=login&amp;sectok=f5d398c4fc6f21e5e626ce5d49ffe634" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Amitm&amp;1554967384" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Amitm&amp;1557671508" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -0,0 +1,97 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:oauth2handler</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,oauth2handler"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="oauth2handler.html"/>
<link rel="contents" href="oauth2handler.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:oauth2handler","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="oauth2_handler">OAuth2 Handler</h1>
<div class="level1">
<p>
<img src="documentation/oauth-retina-preview.5ca2e2d7241bbcec7d492df10866fdd3.jpeg" class="mediacenter" alt="" width="200" />
</p>
</div>
<!-- EDIT1 SECTION "OAuth2 Handler" [1-95] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
This Handler is able to check an OAuth2 access token to retrieve the user real session and protect a virtual host like a standard Handler (access control and HTTP headers transmission).
</p>
<p>
This requires to get an OAuth2 access token trough <abbr title="LemonLDAP::NG">LL::NG</abbr> Portal (OpenID Connect server). This access token can then be used in the <code>Authorization</code> header to authenticate to the Web Service / <abbr title="Application Programming Interface">API</abbr> protected by the OAuth2 Handler.
</p>
<p>
<img src="documentation/oauth2_handler.png" class="mediacenter" alt="" />
</p>
<div class="notetip">In the above schema, the OpenID Connect process is simplified. How the front application receives the Access Token depends on the requested flow (Authorization code, Implicit or Hybrid). In all cases, the application will have an Access Token and will be able to use it to request a Web Service.
</div>
<p>
Example:
</p>
<pre class="code">curl -H &quot;Authorization: Bearer de853461341e88e9def8fcb9db2a81c4&quot; https://oauth2.example.com/api/test | json_pp</pre>
<pre class="code javascript"><span class="br0">&#123;</span>
check<span class="sy0">:</span> <span class="kw2">true</span><span class="sy0">,</span>
user<span class="sy0">:</span> <span class="st0">&quot;dwho&quot;</span>
<span class="br0">&#125;</span></pre>
</div>
<!-- EDIT2 SECTION "Presentation" [96-1104] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
Protect you virtual host like any other virtual host with the standard Handler.
</p>
<p>
Define access rules and headers. Then in <code>Options</code> &gt; <code>Type</code>, choose <code>OAuth2</code>.
</p>
</div>
<!-- EDIT3 SECTION "Configuration" [1105-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:parameterlist</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,parameterlist"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="parameterlist.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:performances</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,performances"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="performances.html"/>
@ -49,7 +49,11 @@
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#global_performance">Global performance</a></div></li>
<li class="level1"><div class="li"><a href="#global_performance">Global performance</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#cron_optimization">Cron optimization</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#handler_performance">Handler performance</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#macros_and_groups">Macros and groups</a></div></li>
@ -107,7 +111,22 @@ To bypass this, you can:
</div>
<!-- EDIT2 SECTION "Global performance" [250-650] -->
<h2 class="sectionedit3" id="handler_performance">Handler performance</h2>
<h3 class="sectionedit3" id="cron_optimization">Cron optimization</h3>
<div class="level3">
<p>
LLNG installs its cron files without knowing how many servers are installed. You should optimize this to launch:
</p>
<ul>
<li class="level1"><div class="li"> purgeCentralCache: only 1 time every 10 minutes for the whole system</div>
</li>
<li class="level1"><div class="li"> purgeLocalCache: ~ 1 time per hour on each server</div>
</li>
</ul>
</div>
<!-- EDIT3 SECTION "Cron optimization" [651-920] -->
<h2 class="sectionedit4" id="handler_performance">Handler performance</h2>
<div class="level2">
<p>
@ -123,8 +142,8 @@ Handlers check rights and calculate headers for each HTTP hit. So to improve per
</p>
</div>
<!-- EDIT3 SECTION "Handler performance" [651-1080] -->
<h3 class="sectionedit4" id="macros_and_groups">Macros and groups</h3>
<!-- EDIT4 SECTION "Handler performance" [921-1350] -->
<h3 class="sectionedit5" id="macros_and_groups">Macros and groups</h3>
<div class="level3">
<p>
@ -184,8 +203,8 @@ admin <span class="sy0">-&gt;</span> <span class="re0">$uid</span> <span class="
</div><div class="noteimportant">Macros and groups are computed in alphanumeric order, that is, in the order they are displayed in the manager. For example, macro “macro1” will be computed before macro “macro2”: so, expression of macro2 may involve value of macro1. As same for groups: a group rule may involve another, previously computed group.
</div>
</div>
<!-- EDIT4 SECTION "Macros and groups" [1081-3175] -->
<h3 class="sectionedit5" id="local_macros">Local macros</h3>
<!-- EDIT5 SECTION "Macros and groups" [1351-3445] -->
<h3 class="sectionedit6" id="local_macros">Local macros</h3>
<div class="level3">
<p>
@ -198,13 +217,13 @@ Display<span class="sy0">-</span>Name <span class="sy0">-&gt;</span> <span class
<div class="notetip">Note that this feature is interesting only for the Lemonldap::NG systems protecting a high number of applications
</div>
</div>
<!-- EDIT5 SECTION "Local macros" [3176-3837] -->
<h2 class="sectionedit6" id="portal_performances">Portal performances</h2>
<!-- EDIT6 SECTION "Local macros" [3446-4107] -->
<h2 class="sectionedit7" id="portal_performances">Portal performances</h2>
<div class="level2">
</div>
<!-- EDIT6 SECTION "Portal performances" [3838-3870] -->
<h3 class="sectionedit7" id="general_performances">General performances</h3>
<!-- EDIT7 SECTION "Portal performances" [4108-4140] -->
<h3 class="sectionedit8" id="general_performances">General performances</h3>
<div class="level3">
<p>
@ -226,8 +245,8 @@ By default it uses local storage to store its tokens. If you have more than 1 po
</div>
</div>
<!-- EDIT7 SECTION "General performances" [3871-4748] -->
<h3 class="sectionedit8" id="apachesession_performances">Apache::Session performances</h3>
<!-- EDIT8 SECTION "General performances" [4141-5018] -->
<h3 class="sectionedit9" id="apachesession_performances">Apache::Session performances</h3>
<div class="level3">
<p>
@ -289,7 +308,7 @@ Look at <a href="browseablesessionbackend.html" class="wikilink1" title="documen
<p>
This test isn&#039;t an “only-backend” test but embedded some LLNG methods, so real differences between engines are mitigate here.
</p>
<div class="table sectionedit9"><table class="inline table table-bordered table-striped">
<div class="table sectionedit10"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign" colspan="2"> Backend </th><th class="col2 centeralign" colspan="3"> Portal and handlers </th><th class="col5 centeralign" colspan="3"> Session explorer and one-off sessions </th>
@ -338,7 +357,7 @@ This test isn&#039;t an “only-backend” test but embedded some LLNG methods,
<td class="col0 centeralign" colspan="8"> <em>The source of this test is available in sources: e2e-tests/sbperf.pl</em> </td>
</tr>
</table></div>
<!-- EDIT9 TABLE [7640-9543] --><ul>
<!-- EDIT10 TABLE [7910-9813] --><ul>
<li class="level1"><div class="li"> <em><strong>(1) :</strong> “purge” test is done with Apache::Session::Browseable-1.2.5 and LLG-2.0. Earlier results are not so good.</em></div>
</li>
<li class="level1"><div class="li"> <em><strong>(2) :</strong> “purge” test is done with Apache::Session::Browseable-1.2.6 and LLG-2.0.</em></div>
@ -362,8 +381,8 @@ Analysis:
</ul>
</div>
<!-- EDIT8 SECTION "Apache::Session performances" [4749-10321] -->
<h3 class="sectionedit10" id="ldap_performances">LDAP performances</h3>
<!-- EDIT9 SECTION "Apache::Session performances" [5019-10591] -->
<h3 class="sectionedit11" id="ldap_performances">LDAP performances</h3>
<div class="level3">
<p>
@ -399,13 +418,13 @@ Now ldapgroups contains “admin su”
</div>
</div>
<!-- EDIT10 SECTION "LDAP performances" [10322-11456] -->
<h2 class="sectionedit11" id="manager_performances">Manager performances</h2>
<!-- EDIT11 SECTION "LDAP performances" [10592-11726] -->
<h2 class="sectionedit12" id="manager_performances">Manager performances</h2>
<div class="level2">
</div>
<!-- EDIT11 SECTION "Manager performances" [11457-11490] -->
<h3 class="sectionedit12" id="disable_unused_modules">Disable unused modules</h3>
<!-- EDIT12 SECTION "Manager performances" [11727-11760] -->
<h3 class="sectionedit13" id="disable_unused_modules">Disable unused modules</h3>
<div class="level3">
<p>
@ -415,8 +434,8 @@ In lemonldap-ng.ini, set only modules that you will use. By default, configurati
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions</span></pre>
</div>
<!-- EDIT12 SECTION "Disable unused modules" [11491-11752] -->
<h3 class="sectionedit13" id="use_static_html_files">Use static HTML files</h3>
<!-- EDIT13 SECTION "Disable unused modules" [11761-12022] -->
<h3 class="sectionedit14" id="use_static_html_files">Use static HTML files</h3>
<div class="level3">
<p>
@ -442,6 +461,6 @@ So manager <abbr title="HyperText Markup Language">HTML</abbr> templates will be
</p>
</div>
<!-- EDIT13 SECTION "Use static HTML files" [11753-] --></div>
<!-- EDIT14 SECTION "Use static HTML files" [12023-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:plugincustom</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,plugincustom"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="plugincustom.html"/>
@ -88,6 +88,32 @@ You can now write a custom portal plugin that will hook in the authentication pr
</li>
</ul>
<p>
If you need to call a method just after any standard method in authentication process, then use <code>afterSub</code>, for example:
</p>
<pre class="code perl"> <span class="kw2">use</span> constant afterSub <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
getUser <span class="sy0">=&gt;</span> <span class="st_h">'mysub'</span><span class="sy0">,</span>
<span class="br0">&#125;</span>
<span class="kw2">sub</span> mysub <span class="br0">&#123;</span>
<span class="kw1">my</span> <span class="br0">&#40;</span> <span class="re0">$self</span> <span class="sy0">,</span><span class="re0">$req</span> <span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>
<span class="co1"># Do something</span>
<a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> PE_OK<span class="sy0">;</span>
<span class="br0">&#125;</span></pre>
<p>
If you need to call a method instead any standard method in authentication process, then use <code>aroundSub</code>, for example:
</p>
<pre class="code perl"> <span class="kw2">use</span> constant aroundSub <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
getUser <span class="sy0">=&gt;</span> <span class="st_h">'mysub'</span><span class="sy0">,</span>
<span class="br0">&#125;</span><span class="sy0">;</span>
<span class="kw2">sub</span> mysub <span class="br0">&#123;</span>
<span class="kw1">my</span> <span class="br0">&#40;</span> <span class="re0">$self</span><span class="sy0">,</span> <span class="re0">$sub</span><span class="sy0">,</span> <span class="re0">$req</span> <span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>
<span class="co1"># Do something before</span>
<span class="kw1">my</span> <span class="re0">$ret</span> <span class="sy0">=</span> <span class="re0">$sub</span><span class="sy0">-&gt;</span><span class="br0">&#40;</span><span class="re0">$req</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="co1"># Do something after</span>
<a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> <span class="re0">$ret</span><span class="sy0">;</span>
<span class="br0">&#125;</span></pre>
<p>
The plugin can also define new routes and call actions on them.
</p>
@ -97,12 +123,12 @@ See also <code>Lemonldap::NG::Portal::Main::Plugin</code> man page.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [38-794] -->
<!-- EDIT2 SECTION "Presentation" [38-1449] -->
<h2 class="sectionedit3" id="example">Example</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Example" [795-815] -->
<!-- EDIT3 SECTION "Example" [1450-1470] -->
<h3 class="sectionedit4" id="plugin_perl_module">Plugin Perl module</h3>
<div class="level3">
@ -147,7 +173,7 @@ extends <span class="st_h">'Lemonldap::NG::Portal::Main::Plugin'</span><span cla
<span class="nu0">1</span><span class="sy0">;</span></pre>
</div>
<!-- EDIT4 SECTION "Plugin Perl module" [816-2090] -->
<!-- EDIT4 SECTION "Plugin Perl module" [1471-2745] -->
<h3 class="sectionedit5" id="configuration">Configuration</h3>
<div class="level3">
@ -160,6 +186,6 @@ customPlugins <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><sp
<span class="sy0">;</span>customPlugins <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">MyPlugin1</span><span class="sy0">,</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">MyPlugin2</span><span class="sy0">,</span> <span class="sy0">...</span></pre>
</div>
<!-- EDIT5 SECTION "Configuration" [2091-] --></div>
<!-- EDIT5 SECTION "Configuration" [2746-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:portalcustom</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,portalcustom"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="portalcustom.html"/>
@ -299,11 +299,11 @@ You can also define messages in several languages or disable message boxes by us
</ul>
<p>
If you have a custom skin, then you can create a lang file in <code>templates/&lt;your skin</code> similar to the default lang files provided in <code>htdocs/static/languages/</code>.
If you have a custom skin, then you can create a lang file in <code>templates/&lt;your skin&gt;</code> similar to the default lang files provided in <code>htdocs/static/languages/</code>.
</p>
<p>
For example <code>htdocs/static/languages/en.json</code>:
For example <code>templates/myskin/en.json</code>:
</p>
<pre class="code file javascript"><span class="br0">&#123;</span>
<span class="st0">&quot;PE9&quot;</span><span class="sy0">:</span><span class="st0">&quot;Please authenticate!&quot;</span>
@ -314,7 +314,7 @@ You can also create a file called <code>all.json</code> to override messages in
</p>
</div>
<!-- EDIT10 SECTION "Messages" [4451-5593] -->
<!-- EDIT10 SECTION "Messages" [4451-5587] -->
<h3 class="sectionedit11" id="menu_tabs">Menu tabs</h3>
<div class="level3">
@ -330,7 +330,7 @@ This will allow one to display the tab directly with this <abbr title="Uniform R
</p>
</div>
<!-- EDIT11 SECTION "Menu tabs" [5594-5900] -->
<!-- EDIT11 SECTION "Menu tabs" [5588-5894] -->
<h3 class="sectionedit12" id="template_parameters">Template parameters</h3>
<div class="level3">
@ -358,7 +358,7 @@ You can also display environment variables, with the prefix <code>env_</code>:
<pre class="code file html4strict">Your IP is <span class="sc2">&lt;TMPL_VAR <span class="kw3">NAME</span><span class="sy0">=</span><span class="st0">&quot;env_REMOTE_ADDR&quot;</span>&gt;</span></pre>
</div>
<!-- EDIT12 SECTION "Template parameters" [5901-6548] -->
<!-- EDIT12 SECTION "Template parameters" [5895-6542] -->
<h2 class="sectionedit13" id="buttons">Buttons</h2>
<div class="level2">
@ -375,7 +375,7 @@ This node allows one to enable/disable buttons on the login page:
</ul>
</div>
<!-- EDIT13 SECTION "Buttons" [6549-7065] -->
<!-- EDIT13 SECTION "Buttons" [6543-7059] -->
<h2 class="sectionedit14" id="password_management">Password management</h2>
<div class="level2">
<ul>
@ -388,7 +388,7 @@ This node allows one to enable/disable buttons on the login page:
</ul>
</div>
<!-- EDIT14 SECTION "Password management" [7066-7516] -->
<!-- EDIT14 SECTION "Password management" [7060-7510] -->
<h2 class="sectionedit15" id="other_parameters">Other parameters</h2>
<div class="level2">
<ul>
@ -407,6 +407,6 @@ This node allows one to enable/disable buttons on the login page:
</ul>
</div>
<!-- EDIT15 SECTION "Other parameters" [7517-] --></div>
<!-- EDIT15 SECTION "Other parameters" [7511-] --></div>
</body>
</html>


@ -123,7 +123,7 @@ Application parameters:
<p>
<img src="documentation/manager-portal-menu-icon.png" class="mediacenter" alt="" />
</p>
<div class="notetip">The chosen logo file must be in portal applications logos directory (<code>portal/static/common/apps/</code>). You can set a custom logo by setting the logo file name directly in the field, and copy the logo file in portal applications logos directory
<div class="notetip">The chosen logo file must be in portal applications logos directory (<code>portal/htdocs/static/common/apps/</code>). You can set a custom logo by setting the logo file name directly in the field, and copy the logo file in portal applications logos directory
</div>
</div>
<!-- EDIT3 SECTION "Categories and applications" [828-] --></div>


@ -72,21 +72,23 @@
<abbr title="LemonLDAP::NG">LL::NG</abbr> portal can be configured as REST or <em>(deprecated)</em> SOAP server, for several usage:
</p>
<ul>
<li class="level1"><div class="li"> Configuration sharing</div>
<li class="level1"><div class="li"> Configuration access</div>
</li>
<li class="level1"><div class="li"> Sessions sharing</div>
<li class="level1"><div class="li"> Sessions access</div>
</li>
<li class="level1"><div class="li"> Authentication</div>
</li>
<li class="level1"><div class="li"> Specific application needs</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [35-231] -->
<!-- EDIT2 SECTION "Presentation" [35-248] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [232-258] -->
<!-- EDIT3 SECTION "Configuration" [249-275] -->
<h3 class="sectionedit4" id="rest">REST</h3>
<div class="level3">
@ -107,7 +109,7 @@ See also <a href="restservices.html" class="wikilink1" title="documentation:2.0:
</p>
</div>
<!-- EDIT4 SECTION "REST" [259-583] -->
<!-- EDIT4 SECTION "REST" [276-600] -->
<h3 class="sectionedit5" id="soapdeprecated">SOAP //(deprecated)//</h3>
<div class="level3">
@ -128,6 +130,6 @@ See also <a href="soapservices.html" class="wikilink1" title="documentation:2.0:
</p>
</div>
<!-- EDIT5 SECTION "SOAP //(deprecated)//" [584-] --></div>
<!-- EDIT5 SECTION "SOAP //(deprecated)//" [601-] --></div>
</body>
</html>


@ -94,10 +94,10 @@ The SMTP server must be setup, see <a href="smtp.html" class="wikilink1" title="
</p>
<p>
Then go in Manager, <code>General Parameters</code> » <code>Advanced parameters</code> » <code>Password management</code> :
Then go in Manager, <code>General Parameters</code> » <code>Plugins</code> » <code>Password management</code> :
</p>
<ul>
<li class="level1"><div class="li"> <strong>Mail content</strong>:</div>
<li class="level1"><div class="li"> <strong>Password reset mail content</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>Success mail subject</strong>: Subject of mail sent when password is changed (default: [LemonLDAP::NG] Your new password)</div>
</li>
@ -124,13 +124,11 @@ If you define mail contents in Manager, <abbr title="HyperText Markup Language">
</div><ul>
<li class="level1"><div class="li"> <strong>Other</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>Page <abbr title="Uniform Resource Locator">URL</abbr></strong>: <abbr title="Uniform Resource Locator">URL</abbr> of password reset page (default: [PORTAL]/mail.pl)</div>
</li>
<li class="level2"><div class="li"> <strong>Regexp for password generation</strong>: Regular expression used to generate the password (default: [A-Z]{3}[a-z]{5}.\d{2})</div>
<li class="level2"><div class="li"> <strong>Page <abbr title="Uniform Resource Locator">URL</abbr></strong>: <abbr title="Uniform Resource Locator">URL</abbr> of password reset page (default: [PORTAL]/resetpwd)</div>
</li>
<li class="level2"><div class="li"> <strong>Validity time of a password reset request</strong>: number of seconds for password reset request validity. During this period, user can ask the confirmation mail to be resent (default: session timeout value)</div>
</li>
<li class="level2"><div class="li"> <strong>Session key containing mail address</strong>: name of the session key containing email address. This value will be used to know to which recipient the has to be sent (default: mail).</div>
<li class="level2"><div class="li"> <strong>Regexp for password generation</strong>: Regular expression used to generate the password (default: [A-Z]{3}[a-z]{5}.\d{2})</div>
</li>
</ul>
</li>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:restservices</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,restservices"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="restservices.html"/>
@ -43,24 +43,149 @@
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#portal_rest_services">Portal REST services</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#authentication">Authentication</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#api">API</a></div></li>
<li class="level3"><div class="li"><a href="#example">Example</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#sessions">Sessions</a></div></li>
<li class="level2"><div class="li"><a href="#configuration">Configuration</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="rest_services">REST services</h1>
<div class="level1">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> portal provide a REST server that can be enable to give configuration and/or session. These features can be enabled using the manager.
<abbr title="LemonLDAP::NG">LL::NG</abbr> portal is a REST server that gives access to configuration, session and also authentication.
</p>
</div>
<!-- EDIT1 SECTION "REST services" [1-172] -->
<!-- EDIT1 SECTION "REST services" [1-130] -->
<h2 class="sectionedit2" id="portal_rest_services">Portal REST services</h2>
<div class="level2">
</div>
<!-- EDIT2 SECTION "Portal REST services" [131-164] -->
<h3 class="sectionedit3" id="authentication">Authentication</h3>
<div class="level3">
<p>
REST functions are not accessible by network by default. REST functions are protected by Web Server, you can change this in <a href="configlocation.html#portal" class="wikilink1" title="documentation:2.0:configlocation">portal configuration</a>.
The authentication service is always available with REST, you just need to send credentials on portal <abbr title="Uniform Resource Locator">URL</abbr>. But by default, the portal is protected by <a href="security.html#portal" class="wikilink1" title="documentation:2.0:security">one time tokens to prevent CSRF</a>. You must disable them or set a rule (configuration parameter <code>requireToken</code>) so token will not be required for REST requests, for example:
</p>
<pre class="code perl"><span class="re0">$env</span><span class="sy0">-&gt;</span><span class="br0">&#123;</span>HTTP_ACCEPT<span class="br0">&#125;</span> <span class="sy0">!~</span> <a href="http://perldoc.perl.org/functions/m.html"><span class="kw3">m</span></a><span class="sy0">:</span>application<span class="sy0">/</span>json<span class="sy0">:</span></pre>
</div>
<h4 id="api">API</h4>
<div class="level4">
<p>
Request parameters:
</p>
<ul>
<li class="level1"><div class="li"> Endpoint: <code>/</code></div>
</li>
<li class="level1"><div class="li"> Method: <code>POST</code></div>
</li>
<li class="level1"><div class="li"> Request headers:</div>
<ul>
<li class="level2"><div class="li"> <code>Accept</code>: <code>application/json</code></div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> POST data:</div>
<ul>
<li class="level2"><div class="li"> <code>user</code>: user login</div>
</li>
<li class="level2"><div class="li"> <code>password</code>: user password</div>
</li>
<li class="level2"><div class="li"> xxx: optional parameters, like <code>lmAuth</code> if your portal uses <code>Choice</code></div>
</li>
</ul>
</li>
</ul>
<p>
The JSON response fields are:
</p>
<ul>
<li class="level1"><div class="li"> <code>result</code>: authentication result, <code>0</code> if it fails, <code>1</code> if it succeed</div>
</li>
<li class="level1"><div class="li"> <code>error</code>: error code, the corresponding error can be found in <code>Lemonldap::NG::Portal::Main::Constants</code></div>
</li>
<li class="level1"><div class="li"> <code>id</code>: if authentication succeed, the session id is returned in this field</div>
</li>
</ul>
<div class="notetip">You can also get the cookie by reading the response header <code>Cookie</code> returned by the portal.
</div><div class="noteimportant">Before version 2.0.4, the response to a success authentication had no <code>id</code> field, and <code>error</code> field was named <code>code</code> <em>(use Cookie header to get id value)</em>.
</div>
</div>
<h4 id="example">Example</h4>
<div class="level4">
<ul>
<li class="level1"><div class="li"> Request with curl:</div>
</li>
</ul>
<pre class="code">curl -H &quot;Accept: application/json&quot; -d user=rtyler -d password=rtyler http://auth.example.com/ | json_pp</pre>
<ul>
<li class="level1"><div class="li"> Response for bad authentication:</div>
</li>
</ul>
<pre class="code javascript"><span class="br0">&#123;</span>
<span class="st0">&quot;result&quot;</span> <span class="sy0">:</span> <span class="nu0">0</span><span class="sy0">,</span>
<span class="st0">&quot;error&quot;</span> <span class="sy0">:</span> <span class="nu0">5</span>
<span class="br0">&#125;</span></pre>
<ul>
<li class="level1"><div class="li"> Response for good authentication:</div>
</li>
</ul>
<pre class="code javascript"><span class="br0">&#123;</span>
<span class="st0">&quot;result&quot;</span> <span class="sy0">:</span> <span class="nu0">1</span><span class="sy0">,</span>
<span class="st0">&quot;error&quot;</span> <span class="sy0">:</span> <span class="st0">&quot;0&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;id&quot;</span> <span class="sy0">:</span> <span class="st0">&quot;b048bf87ca401da1d89419813e3acf466d5e4465fe3a1f7adfd8240bd161bde2&quot;</span>
<span class="br0">&#125;</span></pre>
</div>
<!-- EDIT3 SECTION "Authentication" [165-1931] -->
<h3 class="sectionedit4" id="sessions">Sessions</h3>
<div class="level3">
<p>
REST functions for sessions are protected by Web Server, you can change this in <a href="configlocation.html#portal" class="wikilink1" title="documentation:2.0:configlocation">portal configuration</a>.
</p>
<p>
See <a href="restsessionbackend.html" class="wikilink1" title="documentation:2.0:restsessionbackend">REST session backend documentation</a> for more.
</p>
</div>
<!-- EDIT2 SECTION "Portal REST services" [173-] --></div>
<!-- EDIT4 SECTION "Sessions" [1932-2153] -->
<h3 class="sectionedit5" id="configuration">Configuration</h3>
<div class="level3">
<p>
REST functions for configuration are protected by Web Server, you can change this in <a href="configlocation.html#portal" class="wikilink1" title="documentation:2.0:configlocation">portal configuration</a>.
</p>
<p>
See <a href="restconfbackend.html" class="wikilink1" title="documentation:2.0:restconfbackend">REST configuration backend documentation</a> for more.
</p>
</div>
<!-- EDIT5 SECTION "Configuration" [2154-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:security</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,security"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="security.html"/>
@ -165,15 +165,16 @@ LLNG portal now embeds the following features:
<li class="level1"><div class="li"> <a href="https://en.wikipedia.org/wiki/Brute-force_attack" class="urlextern" title="https://en.wikipedia.org/wiki/Brute-force_attack" rel="nofollow">Brute-force attack</a> protection: after some failed logins, user must wait before re-try to log into Portal.</div>
</li>
</ul>
<div class="noteimportant">* Brute-force attack protection is DISABLED by default
<p>
* Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
</p>
<div class="noteimportant"><ul>
<li class="level1"><div class="li"> Brute-force attack protection is DISABLED by default</div>
</li>
<li class="level1"><div class="li"> Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does). Administrators may have to modify formAction value with wildcard likes <code>*</code>.</div>
</li>
</ul>
</div>
</div>
<!-- EDIT6 SECTION "Portal" [2106-3211] -->
<!-- EDIT6 SECTION "Portal" [2106-3218] -->
<h3 class="sectionedit7" id="split_portal_when_using_soaprest">Split portal when using SOAP/REST</h3>
<div class="level3">
@ -182,12 +183,12 @@ If you use <a href="soapsessionbackend.html" class="wikilink1" title="documentat
</p>
</div>
<!-- EDIT7 SECTION "Split portal when using SOAP/REST" [3212-3402] -->
<!-- EDIT7 SECTION "Split portal when using SOAP/REST" [3219-3409] -->
<h2 class="sectionedit8" id="write_good_rules">Write good rules</h2>
<div class="level2">
</div>
<!-- EDIT8 SECTION "Write good rules" [3403-3432] -->
<!-- EDIT8 SECTION "Write good rules" [3410-3439] -->
<h3 class="sectionedit9" id="order_your_rules">Order your rules</h3>
<div class="level3">
@ -220,7 +221,7 @@ For example, if these rules are used without comments:
<td class="col0"> ^/pub/ </td><td class="col1"> accept </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT10 TABLE [3846-3956] -->
<!-- EDIT10 TABLE [3853-3963] -->
<p>
Then the second rule will be applied first, so every authenticated user will access to <code>/pub/admin</code> directory.
</p>
@ -241,7 +242,7 @@ Use comment to correct this:
<td class="col0"> ^/pub/ </td><td class="col1"> accept </td><td class="col2"> 2_pub </td>
</tr>
</table></div>
<!-- EDIT11 TABLE [4101-4225] --><div class="notetip"><ul>
<!-- EDIT11 TABLE [4108-4232] --><div class="notetip"><ul>
<li class="level1"><div class="li"> Reload the Manager to see the effective order</div>
</li>
<li class="level1"><div class="li"> Use rule comments to order your rules</div>
@ -250,7 +251,7 @@ Use comment to correct this:
</div>
</div>
<!-- EDIT9 SECTION "Order your rules" [3433-4338] -->
<!-- EDIT9 SECTION "Order your rules" [3440-4345] -->
<h3 class="sectionedit12" id="be_careful_with_url_parameters">Be careful with URL parameters</h3>
<div class="level3">
@ -274,7 +275,7 @@ For example with this rule on the <code>access</code> parameter:
<td class="col0"> default </td><td class="col1"> accept </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT13 TABLE [4575-4709] -->
<!-- EDIT13 TABLE [4582-4716] -->
<p>
Then a user that try to access to one of the following <em class="u">will be granted</em> !
</p>
@ -304,11 +305,11 @@ You can use the following rules instead:
<td class="col0"> default </td><td class="col1"> accept </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT14 TABLE [4907-5110] --><div class="notetip"><strong>(?i)</strong> means case no sensitive.
<!-- EDIT14 TABLE [4914-5117] --><div class="notetip"><strong>(?i)</strong> means case no sensitive.
</div><div class="notewarning">Remember that rules written on GET parameters must be tested.
</div>
</div>
<!-- EDIT12 SECTION "Be careful with URL parameters" [4339-5247] -->
<!-- EDIT12 SECTION "Be careful with URL parameters" [4346-5254] -->
<h3 class="sectionedit15" id="encoded_characters">Encoded characters</h3>
<div class="level3">
@ -317,13 +318,13 @@ Some characters are encoded in URLs by the browser (such as space,...). To avoid
</p>
</div>
<!-- EDIT15 SECTION "Encoded characters" [5248-5495] -->
<!-- EDIT15 SECTION "Encoded characters" [5255-5502] -->
<h3 class="sectionedit16" id="ip_in_rules">IP in rules</h3>
<div class="level3">
<div class="notewarning">If you are running LemonLDAP::NG behind a reverse proxy, make sure you check the <a href="behindproxyminihowto.html" class="wikilink1" title="documentation:2.0:behindproxyminihowto">Reverse Proxy how-to</a> so that the rule applies to the real user <abbr title="Internet Protocol">IP</abbr> and not the reverse proxy&#039;s <abbr title="Internet Protocol">IP</abbr>. Make sure you only specify trusted proxy addresses so that an attacker cannot forge the <code>X-Forwarded-For</code> header
</div>
</div>
<!-- EDIT16 SECTION "IP in rules" [5496-5859] -->
<!-- EDIT16 SECTION "IP in rules" [5503-5866] -->
<h2 class="sectionedit17" id="secure_reverse-proxies">Secure reverse-proxies</h2>
<div class="level2">
@ -369,7 +370,7 @@ It is recommended to secure the channel between reverse-proxies and application
</ul>
</div>
<!-- EDIT17 SECTION "Secure reverse-proxies" [5860-7528] -->
<!-- EDIT17 SECTION "Secure reverse-proxies" [5867-7535] -->
<h2 class="sectionedit18" id="configure_security_settings">Configure security settings</h2>
<div class="level2">
@ -411,7 +412,7 @@ requireToken =&gt; $env-&gt;{REMOTE_ADDR} !~ /^127\.0\.[1-3]\.1$/
</div>
</div>
<!-- EDIT18 SECTION "Configure security settings" [7529-10106] -->
<!-- EDIT18 SECTION "Configure security settings" [7536-10113] -->
<h2 class="sectionedit19" id="fail2ban">Fail2ban</h2>
<div class="level2">
@ -463,7 +464,7 @@ Restart fail2ban
</p>
</div>
<!-- EDIT19 SECTION "Fail2ban" [10107-11161] -->
<!-- EDIT19 SECTION "Fail2ban" [10114-11168] -->
<h2 class="sectionedit20" id="sessions_identifier">Sessions identifier</h2>
<div class="level2">
@ -476,7 +477,7 @@ We recommend to use : <code>Lemonldap::NG::Common::Apache::Session::Generate::SH
</p>
</div>
<!-- EDIT20 SECTION "Sessions identifier" [11162-11424] -->
<!-- EDIT20 SECTION "Sessions identifier" [11169-11431] -->
<h2 class="sectionedit21" id="saml">SAML</h2>
<div class="level2">
@ -485,6 +486,6 @@ See <a href="samlservice.html#security_parameters" class="wikilink1" title="docu
</p>
</div>
<!-- EDIT21 SECTION "SAML" [11425-] --></div>
<!-- EDIT21 SECTION "SAML" [11432-] --></div>
</body>
</html>

@ -121,7 +121,7 @@ First create a PSGI module based on Lemonldap::NG::Handler:
</p>
<pre class="code perl"><a href="http://perldoc.perl.org/functions/package.html"><span class="kw3">package</span></a> My<span class="sy0">::</span><span class="me2">PSGI</span><span class="sy0">;</span>
&nbsp;
<span class="kw2">use</span> base <span class="st0">&quot;Lemonldap::NG::Handler::PSGI&quot;</span><span class="sy0">;</span>
<span class="kw2">use</span> base <span class="st0">&quot;Lemonldap::NG::Handler::PSGI&quot;</span><span class="sy0">;</span> <span class="co1"># or Lemonldap::NG::Handler::PSGI::OAuth2, etc…</span>
&nbsp;
<span class="kw2">sub</span> init <span class="br0">&#123;</span>
<span class="kw1">my</span> <span class="br0">&#40;</span><span class="re0">$self</span><span class="sy0">,</span><span class="re0">$args</span><span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>

@ -66,7 +66,7 @@ To configure sessions, go in Manager, <code>General Parameters</code> » <code>S
</ul>
<div class="notewarning">Session activity timeout requires Handlers to have a write access to sessions database.
</div><ul>
<li class="level1"><div class="li"> <strong>Opening conditions</strong>: rules which are evaluated before granting session. If a user does not comply with any condition, he is prompted a customized message. That message can contain session data as user attributes or macros. The conditions are checked in alphabetical order of comments.</div>
<li class="level1"><div class="li"> <strong>Opening conditions</strong>: rules which are evaluated before granting session, see <a href="grantsession.html" class="wikilink1" title="documentation:2.0:grantsession">Grant Session plugin documentation</a></div>
</li>
<li class="level1"><div class="li"> <strong>Sessions Storage</strong>: you can define here which session backend to use, with the backend options. See <a href="start.html#sessions_database" class="wikilink1" title="documentation:2.0:start">sessions database configuration</a> to know which modules you can use. Here are some global options that you can use with all sessions backends:</div>
<ul>
@ -94,7 +94,7 @@ To configure sessions, go in Manager, <code>General Parameters</code> » <code>S
<div class="noteimportant">Note that since HTTP protocol is not connected, restrictions are not applied to the new session: the oldest are destroyed.
</div>
</div>
<!-- EDIT1 SECTION "Sessions" [1-2284] -->
<!-- EDIT1 SECTION "Sessions" [1-2127] -->
<h1 class="sectionedit2" id="command-line_tools">Command-line tools</h1>
<div class="level1">
<ul>
@ -109,6 +109,6 @@ $ llngDeleteSession dh*
$ llngDeleteSession *</pre>
</div>
<!-- EDIT2 SECTION "Command-line tools" [2285-] --></div>
<!-- EDIT2 SECTION "Command-line tools" [2128-] --></div>
</body>
</html>

@ -48,10 +48,12 @@
<div class="level1">
<p>
Go in General Parameters &gt; Extended Parameters &gt; SMTP
Go in <code>General Parameters</code> &gt; <code>Advanced Parameters</code> &gt; <code>SMTP</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>SMTP Server</strong>: <abbr title="Internet Protocol">IP</abbr> or hostname of the SMTP server</div>
<li class="level1"><div class="li"> <strong> Session key containing mail address</strong>: choose which session field contains mail address</div>
</li>
<li class="level2"><div class="li"> <strong>SMTP Server</strong>: <abbr title="Internet Protocol">IP</abbr> or hostname of the SMTP server</div>
</li>
<li class="level2"><div class="li"> <strong>SMTP Port</strong>: Port of the SMTP server</div>
</li>
@ -59,13 +61,15 @@ Go in General Parameters &gt; Extended Parameters &gt; SMTP
</li>
<li class="level2"><div class="li"> <strong>SMTP Password</strong>: SMTP password if authentication is required</div>
</li>
<li class="level2"><div class="li"> <strong> SSL/TLS protocol</strong> and <strong>SSL/TLS options</strong>: Here you can enable SMTPS or startTLS</div>
</li>
</ul>
<div class="notetip"><ul>
<li class="level1"><div class="li"> If no SMTP server is configured, the mail will be sent via the local sendmail program. Else, Net::SMTP module is required to use the SMTP server</div>
</li>
<li class="level1"><div class="li"> The SMTP server value can hold the port, for example: <code>mail.example.com:25</code></div>
</li>
<li class="level1"><div class="li"> If authentication is configured, Authen::SASL and MIME::Base64 modules are required</div>
<li class="level1"><div class="li"> If authentication is configured, <code>Authen::SASL</code> and <code>MIME::Base64</code> modules are required</div>
</li>
</ul>
@ -76,7 +80,7 @@ Go in General Parameters &gt; Extended Parameters &gt; SMTP
</li>
<li class="level2"><div class="li"> <strong>Reply address</strong>: address seen in the “Reply-To” field</div>
</li>
<li class="level2"><div class="li"> <strong>Mail charset</strong>: Charset used for the body of the mail (default: utf-8)</div>
<li class="level2"><div class="li"> <strong>charset</strong>: Charset used for the body of the mail (default: utf-8)</div>
</li>
</ul>
</li>

@ -529,7 +529,7 @@
<td class="col0"> <a href="forcereauthn.html" class="wikilink1" title="documentation:2.0:forcereauthn">Force Authentication</a> </td><td class="col1"> Force authentication to access to Portal </td>
</tr>
<tr class="row9 rowodd">
<td class="col0"> <a href="sessions.html" class="wikilink1" title="documentation:2.0:sessions">Grant Sessions rules</a> </td><td class="col1"></td>
<td class="col0"> <a href="grantsession.html" class="wikilink1" title="documentation:2.0:grantsession">Grant Sessions</a> </td><td class="col1"> Rules to apply before allowing a user to open a session </td>
</tr>
<tr class="row10 roweven">
<td class="col0"> <a href="impersonation.html" class="wikilink1" title="documentation:2.0:impersonation">Impersonation </a> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1"> Allow users to use another identity </td>
@ -559,13 +559,13 @@
<td class="col0"> Upgrade session <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1"> Plugin that explain to user that a more secure authentication is needed instead of rejected it </td>
</tr>
</table></div>
<!-- EDIT13 TABLE [6795-8293] -->
<!-- EDIT13 TABLE [6795-8349] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT9 SECTION "Portal" [2031-8321] -->
<!-- EDIT9 SECTION "Portal" [2031-8377] -->
<h3 class="sectionedit14" id="handlers">Handlers</h3>
<div class="level3">
@ -581,45 +581,50 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<div class="table sectionedit15"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> Handler type </th><th class="col1 centeralign"> Apache </th><th class="col2 centeralign"> Nginx </th><th class="col3 rightalign"> <a href="https://plackperl.org" class="urlextern" title="https://plackperl.org" rel="nofollow">Plack* servers</a></th><th class="col4 centeralign"> Node.js </th><th class="col5 centeralign"> Comment </th><td class="col6"></td>
<th class="col0"> Handler type </th><th class="col1 centeralign"> Apache </th><th class="col2 centeralign"> Nginx </th><th class="col3 rightalign"> <a href="https://plackperl.org" class="urlextern" title="https://plackperl.org" rel="nofollow">Plack* servers</a></th><th class="col4 centeralign"> Node.js </th><th class="col5 centeralign"> <a href="selfmadeapplication.html#perl_auto-protected_cgi" class="wikilink1" title="documentation:2.0:selfmadeapplication">Self protected apps</a> </th><th class="col6 centeralign"> Comment </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> Main <em>(default handler)</em> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"> <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Partial</a> (*) </td><td class="col5 leftalign"> </td><td class="col6"></td>
<td class="col0"> Main <em>(default handler)</em> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"> <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Partial</a> <strong>(1)</strong> </td><td class="col5 centeralign"> </td><td class="col6 leftalign"> </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> <a href="handlerauthbasic.html" class="wikilink1" title="documentation:2.0:handlerauthbasic">AuthBasic</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5"> Designed for some server-to-server applications </td><td class="col6"></td>
<td class="col0"> <a href="handlerauthbasic.html" class="wikilink1" title="documentation:2.0:handlerauthbasic">AuthBasic</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5 centeralign"></td><td class="col6"> Designed for some server-to-server applications </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> <a href="cda.html" class="wikilink1" title="documentation:2.0:cda">CDA</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5"> For Cross Domain Authentication </td><td class="col6"></td>
<td class="col0"> <a href="cda.html" class="wikilink1" title="documentation:2.0:cda">CDA</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5 centeralign"> </td><td class="col6"> For Cross Domain Authentication </td>
</tr>
<tr class="row4 roweven">
<td class="col0"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> <em>(<a href="ssoaas.html" class="wikilink1" title="documentation:2.0:ssoaas">SSOaaS</a>)</em> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5"> Allows application developers to define their own rules and headers inside their applications </td><td class="col6"></td>
<td class="col0"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> <em>(<a href="ssoaas.html" class="wikilink1" title="documentation:2.0:ssoaas">SSOaaS</a>)</em> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5 leftalign"> </td><td class="col6"> Allows application developers to define their own rules and headers inside their applications </td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> <a href="devopssthandler.html" class="wikilink1" title="documentation:2.0:devopssthandler">DevOpsST</a> <em>(<a href="ssoaas.html" class="wikilink1" title="documentation:2.0:ssoaas">SSOaaS</a>)</em> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5"> Enables both <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> and <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Service Token</a> </td><td class="col6"></td>
<td class="col0"> <a href="devopssthandler.html" class="wikilink1" title="documentation:2.0:devopssthandler">DevOpsST</a> <em>(<a href="ssoaas.html" class="wikilink1" title="documentation:2.0:ssoaas">SSOaaS</a>)</em> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5 leftalign"> </td><td class="col6"> Enables both <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> and <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Service Token</a> </td>
</tr>
<tr class="row6 roweven">
<td class="col0"> <a href="securetoken.html" class="wikilink1" title="documentation:2.0:securetoken">Secure Token</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5"> Designed to secure exchanges between a LLNG reverse-proxy and a remote app </td><td class="col6"></td>
<td class="col0"> <a href="oauth2handler.html" class="wikilink1" title="documentation:2.0:oauth2handler">OAuth2</a> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> <strong>(2)</strong> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5 centeralign"> </td><td class="col6"> Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services </td>
</tr>
<tr class="row7 rowodd">
<td class="col0"> <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Service Token</a> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> <em>(Server-to-Server)</em> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"> </td><td class="col5"> Designed to permit underlying requests <em>(<abbr title="Application Programming Interface">API</abbr>-Based Infrastructure)</em> </td><td class="col6"></td>
<td class="col0"> <a href="securetoken.html" class="wikilink1" title="documentation:2.0:securetoken">Secure Token</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5 leftalign"> </td><td class="col6"> Designed to secure exchanges between a LLNG reverse-proxy and a remote app </td>
</tr>
<tr class="row8 roweven">
<td class="col0"> <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Service Token</a> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> <em>(Server-to-Server)</em> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5 centeralign"></td><td class="col6"> Designed to permit underlying requests <em>(<abbr title="Application Programming Interface">API</abbr>-Based Infrastructure)</em> </td>
</tr>
<tr class="row9 rowodd">
<td class="col0"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra PreAuth</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT15 TABLE [8596-9783] -->
<p>
<em>(*): <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> has not yet reached the same level of functionalities.</em>
</p>
<!-- EDIT15 TABLE [8652-10173] --><ul>
<li class="level1"><div class="li"> <em>(1): <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> has not yet reached the same level of functionalities.</em></div>
</li>
<li class="level1"><div class="li"> <em>(2): <a href="oauth2handler.html" class="wikilink1" title="documentation:2.0:oauth2handler">OAuth2 Handler</a> is available with LLNG ≥ 2.0.4</em></div>
</li>
</ul>
<p>
</div></div>
</p>
</div>
<!-- EDIT14 SECTION "Handlers" [8322-9908] -->
<!-- EDIT14 SECTION "Handlers" [8378-10381] -->
<h3 class="sectionedit16" id="llng_databases">LLNG databases</h3>
<div class="level3">
@ -668,7 +673,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<td class="col0 centeralign"> <a href="localconfbackend.html" class="wikilink1" title="documentation:2.0:localconfbackend">Local</a> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1 leftalign"> </td><td class="col2 leftalign"> Use only lemonldap-ng.ini parameters. </td>
</tr>
</table></div>
<!-- EDIT17 TABLE [10213-11325] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
<!-- EDIT17 TABLE [10686-11798] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
</div>
<p>
</div></div>
@ -723,13 +728,13 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
<strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table></div>
<!-- EDIT18 TABLE [12190-13890] -->
<!-- EDIT18 TABLE [12663-14363] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT16 SECTION "LLNG databases" [9909-13918] -->
<!-- EDIT16 SECTION "LLNG databases" [10382-14391] -->
<h2 class="sectionedit19" id="applications_protection">Applications protection</h2>
<div class="level2">
@ -758,7 +763,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT19 SECTION "Applications protection" [13919-14409] -->
<!-- EDIT19 SECTION "Applications protection" [14392-14882] -->
<h3 class="sectionedit20" id="well_known_compatible_applications">Well known compatible applications</h3>
<div class="level3">
<div class="noteclassic">Here is a list of well known applications that are compatible with <abbr title="LemonLDAP::NG">LL::NG</abbr>. A full list is available on <a href="applications.html" class="wikilink1" title="documentation:2.0:applications">vendor applications page</a>.
@ -862,7 +867,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT20 SECTION "Well known compatible applications" [14410-16748] -->
<!-- EDIT20 SECTION "Well known compatible applications" [14883-17221] -->
<h2 class="sectionedit21" id="advanced_features">Advanced features</h2>
<div class="level2">
@ -921,7 +926,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT21 SECTION "Advanced features" [16749-17968] -->
<!-- EDIT21 SECTION "Advanced features" [17222-18441] -->
<h2 class="sectionedit22" id="mini_howtos">Mini howtos</h2>
<div class="level2">
@ -958,7 +963,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT22 SECTION "Mini howtos" [17969-18863] -->
<!-- EDIT22 SECTION "Mini howtos" [18442-19336] -->
<h2 class="sectionedit23" id="exploitation">Exploitation</h2>
<div class="level2">
@ -993,7 +998,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT23 SECTION "Exploitation" [18864-19381] -->
<!-- EDIT23 SECTION "Exploitation" [19337-19854] -->
<h2 class="sectionedit24" id="bug_report">Bug report</h2>
<div class="level2">
@ -1002,7 +1007,7 @@ See <a href="bugreport.html" class="wikilink1" title="bugreport">How to report a
</p>
</div>
<!-- EDIT24 SECTION "Bug report" [19382-19446] -->
<!-- EDIT24 SECTION "Bug report" [19855-19919] -->
<h2 class="sectionedit25" id="developer_corner">Developer corner</h2>
<div class="level2">
@ -1069,6 +1074,6 @@ If you don&#039;t want to publish your translation <em>(<code>XX</code> must be
</ul>
</div>
<!-- EDIT25 SECTION "Developer corner" [19447-] --></div>
<!-- EDIT25 SECTION "Developer corner" [19920-] --></div>
</body>
</html>

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/stayconnected?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/stayconnected?do=login&amp;sectok=f5d398c4fc6f21e5e626ce5d49ffe634" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Astayconnected&amp;1554967384" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Astayconnected&amp;1557671508" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>

@ -4,13 +4,13 @@
"Xavier Guimard <x.guimard@free.fr>, Clément Oudot <clement@oodo.net>"
],
"dynamic_config" : 1,
"generated_by" : "ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter version 2.150010",
"generated_by" : "ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010",
"license" : [
"open_source"
],
"meta-spec" : {
"url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
"version" : 2
"version" : "2"
},
"name" : "Lemonldap-NG-Common",
"no_index" : {

@ -9,7 +9,7 @@ build_requires:
configure_requires:
ExtUtils::MakeMaker: '0'
dynamic_config: 1
generated_by: 'ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter version 2.150010'
generated_by: 'ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010'
license: open_source
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html

@ -4,13 +4,13 @@
"Xavier Guimard <x.guimard@free.fr>, Clément Oudot <clement@oodo.net>"
],
"dynamic_config" : 1,
"generated_by" : "ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter version 2.150010",
"generated_by" : "ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010",
"license" : [
"open_source"
],
"meta-spec" : {
"url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
"version" : 2
"version" : "2"
},
"name" : "Lemonldap-NG-Handler",
"no_index" : {

@ -11,7 +11,7 @@ build_requires:
configure_requires:
ExtUtils::MakeMaker: '0'
dynamic_config: 1
generated_by: 'ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter version 2.150010'
generated_by: 'ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010'
license: open_source
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html

@ -18,8 +18,8 @@ ok(
localSessionStorage => '',
logLevel => 'warn',
cookieName => 'lemonldap',
securedCookie => 0,
https => 0,
securedCookie => 2,
https => 1,
userLogger => 'Lemonldap::NG::Common::Logger::Null',
}
),
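Review bot: The fixture values `securedCookie => 2` and `https => 1` (which I read as the new side, since this rendered view lost the +/- markers) come with nothing saying why the test moved off the plain `0`/`0` settings, so a later cleanup could revert them as noise. A one-line comment above them, `# non-default cookie settings on purpose: exercise the secured-cookie path`, would pin the intent for the next reader. The enclosing `ok(` call starts before the hunk.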

@ -4,13 +4,13 @@
"Xavier Guimard <x.guimard@free.fr>, Clément Oudot <clement@oodo.net>"
],
"dynamic_config" : 1,
"generated_by" : "ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter version 2.150010",
"generated_by" : "ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010",
"license" : [
"open_source"
],
"meta-spec" : {
"url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
"version" : 2
"version" : "2"
},
"name" : "Lemonldap-NG-Manager",
"no_index" : {


@ -9,7 +9,7 @@ build_requires:
configure_requires:
ExtUtils::MakeMaker: '0'
dynamic_config: 1
generated_by: 'ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter version 2.150010'
generated_by: 'ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010'
license: open_source
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html


@ -31,6 +31,8 @@ has yes => ( is => 'rw', isa => 'Bool', default => 0 );
has force => ( is => 'rw', isa => 'Bool', default => 0 );
has log => ( is => 'rw' );
sub get {
my ( $self, @keys ) = @_;
die 'get requires at least one key' unless (@keys);
@ -248,12 +250,12 @@ sub _save {
$saveParams->{cfgNum} = $self->cfgNum;
$saveParams->{cfgNumFixed} = 1;
}
$new->{cfgAuthor} = 'lmConfigEditor: ' . `whoami`;
$new->{cfgAuthor} = scalar( getpwuid $< ) . '(command-line)';
chomp $new->{cfgAuthor};
$new->{cfgAuthorIP} = '';
$new->{cfgAuthorIP} = '127.0.0.1';
$new->{cfgDate} = time;
$new->{cfgVersion} = $VERSION;
$new->{cfgLog} = '';
$new->{cfgVersion} = $Lemonldap::NG::Manager::VERSION;
$new->{cfgLog} = $self->log // 'Modified using LLNG cli';
$new->{key} ||= join( '',
map { chr( int( ord( Crypt::URandom::urandom(1) ) * 94 / 256 ) + 33 ) }
( 1 .. 16 ) );
@ -395,6 +397,10 @@ Set it to 1 to save a configuration earlier than latest
Confirmation array line format. Default to "%-25s | %-25s | %-25s"
=head3 log()
String to insert in configuration log field (cfgLog)
=head2 run()
The main method: it reads option, command and launch the corresponding
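Review bot: `scalar( getpwuid $< )` on the new cfgAuthor line yields undef when the running uid has no passwd entry (minimal containers, NSS outages), so cfgAuthor degrades to `(command-line)` with an uninitialized-value warning; `$new->{cfgAuthor} = ( scalar( getpwuid $< ) // $< ) . '(command-line)';` keeps the author attributable in the configuration history. Dropping the `whoami` backticks in favour of getpwuid is the right direction, since it removes a child process and any dependence on PATH. The `chomp $new->{cfgAuthor};` that follows existed for the trailing newline of `whoami` and is now a no-op that can go. The rendering has lost the +/- markers, so I am reading the second line of each changed pair as the new one; `_save` starts before this hunk and continues past it.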


@ -25,9 +25,9 @@ sub addRoutes {
my ( $self, $conf ) = @_;
$self->ua( Lemonldap::NG::Common::UserAgent->new($conf) );
my $hiddenPK = '';
$hiddenPK = $self->{viewerHiddenKeys};
my @enabledPK = ();
my $hiddenKeys = '';
$hiddenKeys = $self->{viewerHiddenKeys};
my @enabledKeys = ();
my @keys = qw(virtualHosts samlIDPMetaDataNodes samlSPMetaDataNodes
applicationList oidcOPMetaDataNodes oidcRPMetaDataNodes
casSrvMetaDataNodes casAppMetaDataNodes
@ -37,12 +37,12 @@ sub addRoutes {
foreach (@keys) {
# Ignore hidden ConfTree Primary Keys
push @enabledPK, $_
unless ( $hiddenPK =~ /\b$_\b/ );
push @enabledKeys, $_
unless ( $hiddenKeys =~ /\b$_\b/ );
}
# Forbid hidden keys
foreach ( split /\s+/, $hiddenPK ) {
foreach ( split /\s+/, $hiddenKeys ) {
$self->addRoute(
view => { ':cfgNum' => { $_ => 'rejectKey' } },
['GET']
@ -57,7 +57,7 @@ sub addRoutes {
# Special keys
->addRoute(
view => {
':cfgNum' => \@enabledPK
':cfgNum' => \@enabledKeys
},
['GET']
)


@ -523,6 +523,7 @@ t/66-CDA-with-SOAP.t
t/66-CDA.t
t/67-CheckUser-with-token.t
t/67-CheckUser.t
t/68-Impersonation-with-doubleCookies.t
t/68-Impersonation-with-merge.t
t/68-Impersonation.t
t/69-FavApps.t
@ -542,6 +543,7 @@ t/76-2F-Ext-with-BruteForce.t
t/76-2F-Ext-with-CodeActivation.t
t/76-2F-Ext-with-GrantSession.t
t/76-2F-Ext-with-History.t
t/77-2F-Mail-with-global-storage.t
t/77-2F-Mail.t
t/90-Translations.t
t/99-pod.t


@ -4,13 +4,13 @@
"Xavier Guimard <x.guimard@free.fr>, Clément Oudot <clement@oodo.net>"
],
"dynamic_config" : 1,
"generated_by" : "ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter version 2.150010",
"generated_by" : "ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010",
"license" : [
"open_source"
],
"meta-spec" : {
"url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
"version" : 2
"version" : "2"
},
"name" : "Lemonldap-NG-Portal",
"no_index" : {


@ -14,7 +14,7 @@ build_requires:
configure_requires:
ExtUtils::MakeMaker: '0'
dynamic_config: 1
generated_by: 'ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter version 2.150010'
generated_by: 'ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010'
license: open_source
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html


@ -3,7 +3,7 @@ package Lemonldap::NG::Portal::Auth::Combination;
use strict;
use Mouse;
use Lemonldap::NG::Common::Combination::Parser;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR);
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR PE_FIRSTACCESS);
use Scalar::Util 'weaken';
our $VERSION = '2.1.0';
@ -197,7 +197,7 @@ sub try {
$req->sessionInfo->{ [ '_auth', '_userDB' ]->[$type] } = $name;
$req->sessionInfo->{_combinationTry} =
$req->data->{dataKeep}->{combinationTry};
if ( $res > 0 ) {
if ( $res > 0 and $res != PE_FIRSTACCESS ) {
$self->userLogger->warn( 'All schemes failed'
. ( $req->user ? ' for user ' . $req->user : '' ) );
}
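Review bot: The new condition `if ( $res > 0 and $res != PE_FIRSTACCESS )` is silent about why one non-zero code is exempt from the "All schemes failed" warning; a comment such as `# PE_FIRSTACCESS presumably means no credentials were submitted yet, not that a scheme failed` would stop the next reader from removing the exception as a bug. If other non-error codes can come back from a scheme at this point (redirects, second-factor prompts), they would still be logged as failures, which is worth confirming. `try` starts before this hunk.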


@ -134,7 +134,11 @@ sub updateToken {
return $id;
}
else {
$self->p->getApacheSession( $id, $k => $v );
$self->p->getApacheSession(
$id,
kind => "TOKEN",
info => { $k => $v }
);
return $id;
}
}
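Review bot: The return value of the new `getApacheSession( $id, kind => "TOKEN", info => { $k => $v } )` call is discarded, so `updateToken` returns `$id` as success even when the token session could not be loaded or updated; if callers treat a false return as failure, `return $id if $self->p->getApacheSession( $id, kind => "TOKEN", info => { $k => $v } ); return;` would surface the error instead of letting the flow continue with a stale token. Tagging the session with `kind => "TOKEN"` is presumably what keeps a 2F token from being accepted as an SSO session identifier, which makes a silent failure here worth avoiding. `updateToken` starts before this hunk.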


@ -184,7 +184,7 @@ sub send_mail {
foreach ( keys %cid ) {
$message->attach(
Type => "image/" . ( $cid{$_} =~ m/\.(\w+)/ )[0],
Id => $_,
Id => $_,
Path => $self->conf->{templateDir} . "/"
. $self->conf->{portalSkin} . "/"
. $cid{$_},
@ -234,7 +234,8 @@ sub getMailSession {
# Browse found sessions to check if it's a mail session
foreach my $id ( keys %$sessions ) {
my $mailSession = $self->p->getApacheSession($id);
my $mailSession =
$self->p->getApacheSession( $id, ( kind => "TOKEN" ) );
next unless ($mailSession);
return $mailSession if ( $mailSession->data->{_type} =~ /^mail$/ );
}
@ -259,7 +260,8 @@ sub getRegisterSession {
# Browse found sessions to check if it's a register session
foreach my $id ( keys %$sessions ) {
my $registerSession = $self->p->getApacheSession($id);
my $registerSession =
$self->p->getApacheSession( $id, ( kind => "TOKEN" ) );
next unless ($registerSession);
return $id
if ( $registerSession->data->{_type}


@ -55,7 +55,6 @@ sub init {
sub run {
my ( $self, $req ) = @_;
my $savedHttpSession = $req->{sessionInfo}->{_httpSession} //= '';
my $spoofId = $req->param('spoofId') || $req->{user};
$self->logger->debug("No impersonation required")
if ( $spoofId eq $req->{user} );
@ -142,8 +141,12 @@ sub run {
$req->steps( [ $self->p->validSession, @{ $self->p->endAuth } ] );
# Restore _httpSession for double Cookies
$req->{sessionInfo}->{_httpSession} = $savedHttpSession
if $savedHttpSession;
if ( $self->conf->{securedCookie} >= 2 ) {
$self->p->updateSession( $req, $spoofSession,
$req->{sessionInfo}->{real__httpSession} );
$req->{sessionInfo}->{_httpSession} =
$req->{sessionInfo}->{real__httpSession};
}
return $statut;
}
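Review bot: The new `securedCookie >= 2` branch reads `$req->{sessionInfo}->{real__httpSession}` without checking it is set, whereas the removed code only restored `_httpSession` `if $savedHttpSession`; if the real session carries no http session id, `updateSession` is now called with undef and `_httpSession` is cleared rather than restored. Guarding the branch, `if ( $self->conf->{securedCookie} >= 2 and $req->{sessionInfo}->{real__httpSession} )`, keeps the previous behaviour of leaving `_httpSession` alone when there is nothing to carry over. The retained `# Restore _httpSession for double Cookies` comment still fits, but a sentence on why the real user's http session must be written into the spoofed session (so the unsecured cookie keeps matching after impersonation, if that is the intent) would help. `run`'s body between the two hunks is not visible, including where `$spoofSession` and `$statut` are set.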


@ -112,7 +112,8 @@ sub _reset {
$self->logger->debug("Token given for password reset: $mailToken");
# Check if token is valid
my $mailSession = $self->p->getApacheSession($mailToken);
my $mailSession =
$self->p->getApacheSession( $mailToken, kind => "TOKEN" );
unless ($mailSession) {
$self->userLogger->warn('Bad reset token');
return PE_BADMAILTOKEN;
@ -251,7 +252,8 @@ sub _reset {
$infos->{_pdata} = $req->pdata;
# create session
$mailSession = $self->p->getApacheSession( undef, info => $infos );
$mailSession =
$self->p->getApacheSession( undef, kind => "TOKEN", info => $infos );
$req->id( $mailSession->id );
}
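Review bot: On the new line `$mailSession = $self->p->getApacheSession( undef, kind => "TOKEN", info => $infos );` the result is dereferenced immediately by `$req->id( $mailSession->id )`; if the session backend fails and `getApacheSession` returns undef rather than dying, that is a method call on undef. A check before the `$req->id` line, `return PE_ERROR unless $mailSession;` together with a `$self->logger->error(...)`, would turn it into a normal portal error — assuming PE_ERROR is imported here as it is in Combination.pm. The lookup with `kind => "TOKEN"` in the first hunk is presumably what stops an arbitrary session id from being accepted as a reset token; extending the `# Check if token is valid` comment to say so would record the intent. `_reset` starts before the first hunk and continues after the second.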


@ -0,0 +1,310 @@
use Test::More;
use strict;
use IO::String;
BEGIN {
require 't/test-lib.pm';
}
my $res;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
loginHistoryEnabled => 0,
brutForceProtection => 0,
portalMainLogo => 'common/logos/logo_llng_old.png',
requireToken => 0,
checkUser => 1,
impersonationRule => '$uid ne "msmith"',
impersonationIdRule => '$uid ne "msmith"',
impersonationPrefix => 'testPrefix_',
securedCookie => 2,
https => 1,
checkUserDisplayPersistentInfo => 0,
checkUserDisplayEmptyValues => 0,
impersonationMergeSSOgroups => 0,
macros => {
test_impersonation => '"$testPrefix__user/$_user"',
_whatToTrace =>
'$_auth eq "SAML" ? "$_user@$_idpConfKey" : $_user',
},
}
}
);
## Try to impersonate with a bad spoofed user
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
count(1);
my ( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
$query =~ s/user=/user=rtyler/;
$query =~ s/password=/password=rtyler/;
$query =~ s/spoofId=/spoofId=dwho*/;
ok(
$res = $client->_post(
'/',
IO::String->new($query),
length => length($query),
accept => 'text/html',
),
'Auth query'
);
ok( $res->[2]->[0] =~ m%<span trmsg="40"></span>%, ' PE40 found' )
or explain( $res->[2]->[0], "PE40 - Bad formed user" );
count(2);
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
count(1);
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
## Try to impersonate with a forbidden identity
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
count(1);
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
$query =~ s/user=/user=rtyler/;
$query =~ s/password=/password=rtyler/;
$query =~ s/spoofId=/spoofId=msmith/;
ok(
$res = $client->_post(
'/',
IO::String->new($query),
length => length($query),
accept => 'text/html',
),
'Auth query'
);
ok(
$res->[2]->[0] =~
m%<div class="message message-negative alert"><span trmsg="5"></span></div>%,
' PE5 found'
) or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
count(2);
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
count(1);
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
## An unauthorized user try to impersonate
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
count(1);
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
$query =~ s/user=/user=msmith/;
$query =~ s/password=/password=msmith/;
$query =~ s/spoofId=/spoofId=rtyler/;
ok(
$res = $client->_post(
'/',
IO::String->new($query),
length => length($query),
accept => 'text/html',
),
'Auth query'
);
ok(
$res->[2]->[0] =~
m%<div class="message message-negative alert"><span trmsg="93"></span></div>%,
' PE93 found'
) or explain( $res->[2]->[0], "PE93 - Impersonation service not allowed" );
count(2);
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
count(1);
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
## An unauthorized user to impersonate tries to authenticate
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
count(1);
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
$query =~ s/user=/user=msmith/;
$query =~ s/password=/password=msmith/;
ok(
$res = $client->_post(
'/',
IO::String->new($query),
length => length($query),
accept => 'text/html',
),
'Auth query'
);
count(1);
my $id = expectCookie($res);
expectRedirection( $res, 'http://auth.example.com/' );
# CheckUser form
# ------------------------
ok(
$res = $client->_get(
'/checkuser',
cookie => "lemonldap=$id",
accept => 'text/html'
),
'CheckUser form',
);
count(1);
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
or explain( $res->[2]->[0], 'trspan="checkUser"' );
count(1);
ok(
$res = $client->_post(
'/checkuser',
IO::String->new($query),
cookie => "lemonldap=$id",
length => length($query),
accept => 'text/html',
),
'POST checkuser'
);
count(1);
ok( $res->[2]->[0] =~ m%<td class="align-middle">test_impersonation</td>%,
'Found macro test_impersonation' )
or explain( $res->[2]->[0], 'test_impersonation' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">msmith/msmith</td>%,
'Found msmith/msmith' )
or explain( $res->[2]->[0], 'Found msmith/msmith' );
count(2);
$client->logout($id);
## Try to authenticate
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
count(1);
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
$query =~ s/user=/user=rtyler/;
$query =~ s/password=/password=rtyler/;
$query =~ s/spoofId=/spoofId=dwho/;
ok(
$res = $client->_post(
'/',
IO::String->new($query),
length => length($query),
accept => 'text/html',
),
'Auth query'
);
count(1);
$id = expectCookie($res);
expectRedirection( $res, 'http://auth.example.com/' );
# CheckUser form
# ------------------------
ok(
$res = $client->_get(
'/checkuser',
cookie => "lemonldap=$id",
accept => 'text/html'
),
'CheckUser form',
);
count(1);
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
or explain( $res->[2]->[0], 'trspan="checkUser"' );
count(1);
$query =~ s/url=/url=test1.example.com/;
ok(
$res = $client->_post(
'/checkuser',
IO::String->new($query),
cookie => "lemonldap=$id",
length => length($query),
accept => 'text/html',
),
'POST checkuser'
);
count(1);
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
or explain( $res->[2]->[0], 'trspan="checkUser"' );
ok(
$res->[2]->[0] =~
m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
'Found trspan="allowed"'
) or explain( $res->[2]->[0], 'trspan="allowed"' );
ok( $res->[2]->[0] =~ m%<span trspan="headers">%, 'Found trspan="headers"' )
or explain( $res->[2]->[0], 'trspan="headers"' );
ok( $res->[2]->[0] !~ m%<span trspan="groups_sso">%,
'trspan="groups_sso" NOT found' )
or explain( $res->[2]->[0], 'trspan="groups_sso"' );
ok( $res->[2]->[0] =~ m%<span trspan="macros">%, 'Found trspan="macros"' )
or explain( $res->[2]->[0], 'trspan="macros"' );
ok( $res->[2]->[0] =~ m%<span trspan="attributes">%,
'Found trspan="attributes"' )
or explain( $res->[2]->[0], 'trspan="attributes"' );
ok( $res->[2]->[0] =~ m%<td class="text-left">_userDB</td>%, 'Found _userDB' )
or explain( $res->[2]->[0], '_userDB' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">Auth-User</td>%,
'Found Auth-User' )
or explain( $res->[2]->[0], 'Header Key: Auth-User' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%, 'Found dwho' )
or explain( $res->[2]->[0], 'Header Value: dwho' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">_whatToTrace</td>%,
'Found _whatToTrace' )
or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
ok( $res->[2]->[0] =~ m%<td class="text-left">testPrefix_groups</td>%,
'Found testPrefix_groups' )
or explain( $res->[2]->[0], 'testPrefix_groups' );
ok( $res->[2]->[0] =~ m%<td class="text-left">su</td>%, 'Found su' )
or explain( $res->[2]->[0], 'su' );
ok( $res->[2]->[0] =~ m%<td class="text-left">testPrefix_uid</td>%,
'Found testPrefix_uid' )
or explain( $res->[2]->[0], 'testPrefix_groups' );
ok( $res->[2]->[0] =~ m%<td class="text-left">rtyler</td>%, 'Found rtyler' )
or explain( $res->[2]->[0], 'su' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">test_impersonation</td>%,
'Found macro test_impersonation' )
or explain( $res->[2]->[0], 'test_impersonation' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">rtyler/dwho</td>%,
'Found rtyler/dwo' )
or explain( $res->[2]->[0], 'Found rtyler/dwo' );
count(16);
my @attributes = map /<td class="text-left">(.+)?<\/td>/g, $res->[2]->[0];
ok( scalar @attributes == 62, 'Found 61 attributes' )
or print STDERR ( @attributes < 62 )
? "Missing attributes -> " . scalar @attributes
: "Too much attributes -> " . scalar @attributes;
ok( $attributes[0] eq '_auth', '_auth' ) or print STDERR Dumper( \@attributes );
ok( $attributes[1] eq 'Demo', 'Demo' ) or print STDERR Dumper( \@attributes );
ok( $attributes[2] eq '_httpSession', '_httpSession' )
or print STDERR Dumper( \@attributes );
ok( $attributes[28] eq 'uid', 'uid' ) or print STDERR Dumper( \@attributes );
ok( $attributes[30] eq 'testPrefix__auth', 'testPrefix__auth' )
or print STDERR Dumper( \@attributes );
ok( $attributes[32] eq 'testPrefix__httpSession', 'testPrefix__httpSession' )
or print STDERR Dumper( \@attributes );
ok( $attributes[60] eq 'testPrefix_uid', 'testPrefix_uid' )
or print STDERR Dumper( \@attributes );
ok( $attributes[61] eq 'rtyler', 'rtyler' )
or print STDERR Dumper( \@attributes );
count(9);
$client->logout($id);
clean_sessions();
done_testing( count() );
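Review bot: `ok( scalar @attributes == 62, 'Found 61 attributes' )` names 61 while asserting 62, and the `explain` texts on the `testPrefix_uid`, `rtyler` and `rtyler/dwho` checks still say 'testPrefix_groups', 'su' and 'rtyler/dwo', which will mislead whoever reads a failure; `ok( scalar @attributes == 62, 'Found 62 attributes' )` plus matching explain strings fix that. `Dumper` is called in the attribute failure branches but the file has no `use Data::Dumper;` (the sibling 77-2F-Mail-with-global-storage.t has one), so a failing check would die with an undefined subroutine unless t/test-lib.pm exports it. Using `like $res->[2]->[0], qr%...%, '...'` instead of `ok( $res->[2]->[0] =~ ... )` would also print the actual body on failure without the explain calls.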


@ -21,6 +21,8 @@ my $client = LLNG::Manager::Test->new( {
impersonationRule => '$uid ne "msmith"',
impersonationIdRule => '$uid ne "msmith"',
impersonationPrefix => 'testPrefix_',
securedCookie => 1,
https => 0,
checkUserDisplayPersistentInfo => 0,
checkUserDisplayEmptyValues => 0,
impersonationMergeSSOgroups => 0,


@ -0,0 +1,70 @@
use Test::More;
use strict;
use IO::String;
use Data::Dumper;
require 't/test-lib.pm';
require 't/smtp.pm';
use_ok('Lemonldap::NG::Common::FormEncode');
count(1);
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
mail2fActivation => 1,
mail2fCodeRegex => '\d{4}',
authentication => 'Demo',
userDB => 'Same',
tokenUseGlobalStorage => 1,
}
}
);
# Try to authenticate
# -------------------
ok(
my $res = $client->_post(
'/',
IO::String->new('user=dwho&password=dwho'),
length => 23,
accept => 'text/html',
),
'Auth query'
);
count(1);
my ( $host, $url, $query ) =
expectForm( $res, undef, '/mail2fcheck', 'token', 'code' );
ok(
$res->[2]->[0] =~
qr%<input name="code" value="" class="form-control" id="extcode" trplaceholder="code" autocomplete="off" />%,
'Found EXTCODE input'
) or print STDERR Dumper( $res->[2]->[0] );
count(1);
ok( mail() =~ m%<b>(\d{4})</b>%, 'Found 2F code in mail' )
or print STDERR Dumper( mail() );
my $code = $1;
count(1);
$query =~ s/code=/code=${code}/;
ok(
$res = $client->_post(
'/mail2fcheck',
IO::String->new($query),
length => length($query),
accept => 'text/html',
),
'Post code'
);
count(1);
my $id = expectCookie($res);
$client->logout($id);
clean_sessions();
done_testing( count() );
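Review bot: The test drives only the happy path, so it does not pin the regression that `tokenUseGlobalStorage => 1` is associated with in the changelog (#1742): nothing asserts that the `token` value from the mail2fcheck form is rejected when presented as the `lemonldap` cookie before the code is posted. Adding that negative check (extract `token` from `$query` and expect an unauthenticated response from `/`) would make the test fail if token sessions became usable as SSO sessions again. Separately, `my $code = $1;` relies on the capture from the match inside the preceding `ok(...)`; `my ($code) = mail() =~ m%<b>(\d{4})</b>%; ok( $code, 'Found 2F code in mail' )` makes the dependency explicit and calls `mail()` once.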


@ -49,7 +49,7 @@
# Main package
#==============================================================================
Name: lemonldap-ng
Version: 2.0.3
Version: 2.1.0
Release: %{?pre_release:0.}1%{?pre_release:.%{pre_release}}%{?dist}
Summary: LemonLDAP-NG WebSSO
License: GPLv2+
@ -660,6 +660,12 @@ fi
# Changelog
#==============================================================================
%changelog
* Sun May 12 2019 Clement Oudot <clem.oudot@gmail.com> - 2.0.4-1
- Update to 2.0.4
* Sun May 12 2019 Clement Oudot <clem.oudot@gmail.com> - 1.9.19-1
- Update to 1.9.19
* Thu Apr 11 2019 Clement Oudot <clem.oudot@gmail.com> - 2.0.3-1
- Update to 2.0.3