From cf12d5aa4b3ca38b723200c210c9ad9889648aca Mon Sep 17 00:00:00 2001 From: Xavier Guimard Date: Sat, 11 Feb 2017 10:17:16 +0000 Subject: [PATCH] Update doc (#1160) --- .../current/applications/img/icons.png | 4 +- .../current/applications/img/loader.gif | 4 +- .../current/authcombination.html | 31 ++++- .../bootswatch/3.3.4/flatly/bootstrap.min.css | 4 +- .../documentation/current/confignginx.html | 55 +++++++-- .../documentation/current/customhandlers.html | 101 ++++++++++++++-- .../documentation/current/handlerarch.html | 105 ++++++++++++++++ .../documentation/current/restserverplugin | 4 +- .../current/selfmadeapplication.html | 2 +- doc/pages/documentation/current/start.html | 75 ++++++------ doc/pages/documentation/current/u2f.html | 26 ++-- doc/pages/documentation/current/upgrade.html | 42 ++++--- .../current/writingrulesand_headers.html | 47 ++++++-- omegat.files/fr/fr-level1.tmx | 40 +++---- omegat.files/fr/fr-level2.tmx | 40 +++---- omegat.files/fr/fr-omegat.tmx | 40 +++---- omegat.files/fr/omegat/project_stats.txt | 33 ++--- .../current/applications/img/icons.png | 4 +- .../current/applications/img/loader.gif | 4 +- .../current/authcombination.html | 32 ++++- .../bootswatch/3.3.4/flatly/bootstrap.min.css | 4 +- .../documentation/current/confignginx.html | 61 ++++++++-- .../documentation/current/customhandlers.html | 113 ++++++++++++++++-- .../documentation/current/handlerarch.html | 110 +++++++++++++++++ .../documentation/current/restserverplugin | 4 +- .../current/selfmadeapplication.html | 2 +- .../fr/pages/documentation/current/start.html | 75 ++++++------ .../fr/pages/documentation/current/u2f.html | 28 +++-- .../pages/documentation/current/upgrade.html | 44 ++++--- .../current/writingrulesand_headers.html | 53 ++++++-- 30 files changed, 895 insertions(+), 292 deletions(-) create mode 100644 doc/pages/documentation/current/handlerarch.html create mode 100644 po-doc/fr/pages/documentation/current/handlerarch.html diff --git a/doc/pages/documentation/current/applications/img/icons.png b/doc/pages/documentation/current/applications/img/icons.png index b80f7eeab..b15e5434c 100644 --- a/doc/pages/documentation/current/applications/img/icons.png +++ b/doc/pages/documentation/current/applications/img/icons.png @@ -90,7 +90,7 @@ +
    • @@ -204,7 +204,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio -
    +
    diff --git a/doc/pages/documentation/current/applications/img/loader.gif b/doc/pages/documentation/current/applications/img/loader.gif index c5051a240..4232f42cf 100644 --- a/doc/pages/documentation/current/applications/img/loader.gif +++ b/doc/pages/documentation/current/applications/img/loader.gif @@ -90,7 +90,7 @@ +
    • @@ -204,7 +204,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio -
    +
    diff --git a/doc/pages/documentation/current/authcombination.html b/doc/pages/documentation/current/authcombination.html index 9d4e9b0d8..9d02538e0 100644 --- a/doc/pages/documentation/current/authcombination.html +++ b/doc/pages/documentation/current/authcombination.html @@ -64,6 +64,7 @@
  • Known problems
    • @@ -272,7 +273,29 @@ The following rule is valid:
    -

    AuthApache authentication

    +

    Federation protocols

    +
    + +

    +SAML, OpenID-Connect, CAS or old OpenID can't be chained with a “and” for authentication part. So “[SAML] and [LDAP]” isn't valid. This is because their authentication kinematic don't use the same steps. +

    +
    + + + + + + + + + + + +
    Bad expression Solution Explanation
    [SAML] and [LDAP] [SAML, SAML and LDAP] Authentication is done by SAML only but user must match an LDAP entry
    [SAML] and [LDAP] or [LDAP] [SAML, SAML and LDAP] or [LDAP] Authentication is done by SAML or LDAP but user must match an LDAP entry
    + +
    + +

    AuthApache authentication

    @@ -288,8 +311,8 @@ To bypass this, follow the documentation of -

    SSL authentication

    + +

    SSL authentication

    @@ -297,6 +320,6 @@ To chain SSL, you have to set “SSLRequire optional” in Apache configuration,

    -
    + diff --git a/doc/pages/documentation/current/bootswatch/3.3.4/flatly/bootstrap.min.css b/doc/pages/documentation/current/bootswatch/3.3.4/flatly/bootstrap.min.css index 76a6d3ca3..4f8fb9a89 100644 --- a/doc/pages/documentation/current/bootswatch/3.3.4/flatly/bootstrap.min.css +++ b/doc/pages/documentation/current/bootswatch/3.3.4/flatly/bootstrap.min.css @@ -90,7 +90,7 @@ +
    • @@ -204,7 +204,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio -
    +
    diff --git a/doc/pages/documentation/current/confignginx.html b/doc/pages/documentation/current/confignginx.html index 84e569ac5..df5e646a4 100644 --- a/doc/pages/documentation/current/confignginx.html +++ b/doc/pages/documentation/current/confignginx.html @@ -4,7 +4,7 @@ documentation:2.0:confignginx - + @@ -49,10 +49,16 @@
    @@ -64,7 +70,40 @@
    -

    Files

    +

    FastCGI server

    +
    + +

    +To use Nginx, you must install LemonLDAP::NG FastCGI server, which is not installed by default lemonldap-ng meta package. +

    + +
    + +

    Debian/Ubuntu

    +
    +
    apt install lemonldap-ng-fastcgi-server
    + +

    +Enable and start the service : +

    +
    systemctl enable llng-fastcgi-server
+systemctl start llng-fastcgi-server
    + +
    + +

    Red Hat/CentOS

    +
    +
    yum install lemonldap-ng-fastcgi-server
    + +

    +Enable and start the service : +

    +
    systemctl enable llng-fastcgi-server
+systemctl start llng-fastcgi-server
    + +
    + +

    Files

    @@ -76,8 +115,8 @@ You have to include them in Nginx main configuration.

    - -

    Debian/Ubuntu

    + +

    Debian/Ubuntu

    @@ -97,8 +136,8 @@ ln -s /etc/nginx/sites-available/portal-nginx.conf /etc/nginx/sites-enabled/ ln -s /etc/nginx/sites-available/test-nginx.conf /etc/nginx/sites-enabled/

    - -

    Red Hat/CentOS

    + +

    Red Hat/CentOS

    @@ -110,6 +149,6 @@ ln -s /etc/lemonldap-ng/portal-nginx.conf /etc/nginx/conf.d/ ln -s /etc/lemonldap-ng/test-nginx.conf /etc/nginx/conf.d/

    - + diff --git a/doc/pages/documentation/current/customhandlers.html b/doc/pages/documentation/current/customhandlers.html index 655ca48f4..574c64f70 100644 --- a/doc/pages/documentation/current/customhandlers.html +++ b/doc/pages/documentation/current/customhandlers.html @@ -4,7 +4,7 @@ documentation:2.0:customhandlers - + @@ -43,30 +43,115 @@
    + +
    +

    Table of Contents

    +
    + + +
    +
    +

    Custom handlers

    -LLNG provides Perl libraries that can be easily used by inheritance. To launch them: +LLNG provides Perl libraries that can be easily used by inheritance. So you can write your own handlers but you need first to understand Handler architecture +

    + +
    + +

    Add a new handler type

    +
    +
      +
    1. Write your new Module (in Lemonldap/NG/Handler/Lib for example) that overload some Lemonldap::NG::Handler::Main methods
      +
      2. +
    2. Write a wrapper in each platform directory (see Lemonldap::NG::Handler::Apache2::AuthBasic or Lemonldap::NG::Handler::Server::AuthBasic for examples)
      +
      3. +
    + +

    +Wrapper usually look at this: +

    +
    package Lemonldap::NG::Handler::ApacheMP2::MyType;
+ 
+use base 'Lemonldap::NG::Handler::ApacheMP2::Main', 'Lemonldap::NG::Handler::Lib::MyType';
+ 
+1;
    + +
    + +

    Enable it

    +
    + +

    +You can enable it either:

      -
    • with Apache: replace simply Lemonldap::NG::Handler by your own package in Apache configuration file
      +
    • by setting a “PerlSetVar” in the Apache configuration file
      • -
    • with Nginx: you can declare them as follow.
      +
    • by adding it to the menu: add its name in vhostType “select” declaration (file lemonldap-ng-manager/lib/Lemonldap/NG/Build/Attributes) and rebuild LLNG
    - -

    Use custom handler with Nginx

    + +

    Add a new platform

    +

    +LLNG provides 3 platforms: +

    +
      +
    • ApacheMP2
      +
      • +
    • FastCGI server (Nginx is build from there)
      +
      • +
    • Auto-protected PSGI
      +
      • +
    + +

    +If you want to add another, you must write: +

    +
      +
    • the platform launcher file that launch the required type (see lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2 file for example)
      +
      • +
    • write the main platform file (Lemonldap::NG::Handler::MyPlatform::Main) that provides required method (see lemonldap-ng-handler/lib/Lemonldap/NG/Handler/*/Main for examples) and inherits from Lemonldap::NG::Handler::Main
      +
      • +
    • write the “type” wrapper files (AuthBasic,…).
      +
      • +
    + +

    +Wrapper usually look at this: +

    +
    package Lemonldap::NG::Handler::MyPlatform::AuthBasic;
+ 
+use base 'Lemonldap::NG::Handler::MyPlatform::Main', 'Lemonldap::NG::Handler::Lib::AuthBasic';
+ 
+1;
    + +
    + +

    Old fashion Nginx handlers

    +
    +
    There is no need to use this feature now. It is kept for compatibility. +

    Three actions are needed:

      -
    • declare them in the manager “General Parameters » Advanced Parameters » Custom handlers (Nginx)”. Key is the name that will be used below and value is the name of the custom package,
      +
    • declare your own module in the manager “General Parameters » Advanced Parameters » Custom handlers (Nginx)”. Key is the name that will be used below and value is the name of the custom package,
    • in your Nginx configuration file, add LLTYPE=<name>; in the location = /lmauth {…} paragraph
      • @@ -75,6 +160,6 @@ Three actions are needed:
    -
    + diff --git a/doc/pages/documentation/current/handlerarch.html b/doc/pages/documentation/current/handlerarch.html new file mode 100644 index 000000000..052539ed0 --- /dev/null +++ b/doc/pages/documentation/current/handlerarch.html @@ -0,0 +1,105 @@ + + + + + documentation:2.0:handlerarch + + + + + + + + + + + + + + + + + + + + +
    + +

    Handler architecture

    +
    + +

    +Handlers are build on rows of modules: +

    +
      +
    • Applications or launchers that get the request and choose the good type (Main, AuthBasic, ZimbraPreAuth,…) and launch it (may not inherits of other Handler::* modules)
      +
      • +
    • Wrappers that call “type” library and platform “Main” (may all inherits from Platform::Main)
      +
      • +
    • library types if needed (may inherits from Main)
      +
      • +
    • Main: the main handler library
      +
      • +
    + +
    + +

    Overview of Handler packages

    +
    +
    + + + + + + + + + + + + + + + + + +
    Platform Wrapper Types Main
    Applications Launchers
    ApacheMP2 ApacheMP2::<type> Lib::<type> Main
    Server Server::<type>
    PSGI PSGI::<type>
    + +

    +Types are: +

    + + +
    +
    + + diff --git a/doc/pages/documentation/current/restserverplugin b/doc/pages/documentation/current/restserverplugin index 8b18718d8..36a04f6ec 100644 --- a/doc/pages/documentation/current/restserverplugin +++ b/doc/pages/documentation/current/restserverplugin @@ -90,7 +90,7 @@ +
    • @@ -204,7 +204,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio -
    +
    diff --git a/doc/pages/documentation/current/selfmadeapplication.html b/doc/pages/documentation/current/selfmadeapplication.html index c858eac2a..92839dbdf 100644 --- a/doc/pages/documentation/current/selfmadeapplication.html +++ b/doc/pages/documentation/current/selfmadeapplication.html @@ -4,7 +4,7 @@ documentation:2.0:selfmadeapplication - + diff --git a/doc/pages/documentation/current/start.html b/doc/pages/documentation/current/start.html index ec04b99fb..64dd252a2 100644 --- a/doc/pages/documentation/current/start.html +++ b/doc/pages/documentation/current/start.html @@ -240,88 +240,85 @@ Apache (Kerberos, NTLM, OTP, ...) ✔ - BrowserID (Mozilla Persona) ✔ - - CAS ✔ - + Databases (DBI) ✔ ✔ ✔ - + Demonstration ✔ ✔ ✔ - + Facebook ✔ ✔ - + LDAP ✔ ✔ ✔ - + Null ✔ ✔ ✔ - + OpenID Connect ✔ ✔ - + Proxy LL::NG ✔ ✔ - + Radius ✔ - + SAML 2.0 / Shibboleth ✔ ✔ - + Slave ✔ ✔ - + SSL ✔ - + Twitter ✔ - + WebID ✔ ✔ - + Yubikey ✔ - + Combo Backends Authentication Users Password - + Choice by users ✔ ✔ ✔ - + Combination of auth schemes ✔ ✔ - - Multiple backends stack + + Multiple backends stack Deprecated, replaced by Combination - + Obsolete Backends Authentication Users Password - + OpenID ✔ ✔ - + Remote LL::NG ✔ ✔ - + Second factor Authentication - + U2F
    - +

    - +

    Configuration database

    @@ -356,14 +353,14 @@ SOAP ✔ Proxy backend to be used in conjunction with another configuration backend.
    Can be used to secure another backend for remote servers.
    -
    You can not start with an empty configuration, so read how to change configuration backend to convert your existing configuration into another one. +
    You can not start with an empty configuration, so read how to change configuration backend to convert your existing configuration into another one.

    - +

    Sessions database

    @@ -405,13 +402,13 @@ Sessions are stored using +

    Identity provider

    - -

    Assistance

    + +

    Assistance

    @@ -94,14 +104,14 @@ If a user lost its key, you may remove it's persistent session using the se

    - -

    Developer corner

    + +

    Developer corner

    If you have another U2F registration interface, you have to populate session (using exported variables) to set these keys:

    -
    +
    @@ -114,12 +124,12 @@ If you have another U2F registration interface, you have to populate session (us
    Name Value _u2fUserKey user key value, base64 encoded
    - +

    Note that both “origin” and “appId” are fixed to portal URL.

    -
    +
    diff --git a/doc/pages/documentation/current/upgrade.html b/doc/pages/documentation/current/upgrade.html index 680c872de..7c2c43a45 100644 --- a/doc/pages/documentation/current/upgrade.html +++ b/doc/pages/documentation/current/upgrade.html @@ -51,6 +51,7 @@
    Apache-ModPerl is no longer usable since version 2.4 (many segfaults,…). LLNG doesn't use anymore ModPerl::Registry: all is now handle by FastCGI (portal and manager).

    -For handlers, it is now recommended to migrate to Nginx ! +For handlers, it is now recommended to migrate to Nginx, but Apache-2 is still supported

    - +

    Security

    @@ -100,8 +101,17 @@ LLNG portal now embeds the following features:
    - -

    Supported servers

    + +

    Rules and headers

    +
    + + +
    + +

    Supported servers

    - -

    SOAP/REST services

    + +

    SOAP/REST services

    - -

    Developer corner

    + +

    Developer corner

    - -

    APIs

    + +

    APIs

    @@ -136,8 +146,8 @@ Portal has now many REST features and includes a plugin -

    Portal overview

    + +

    Portal overview

    @@ -158,12 +168,12 @@ The request is a separated object based on Lemonldap::NG::Portal::Main::Request

    - -

    Handler

    + +

    Handler

    -
    Handler libraries have been changed another time. Inheritance is back (like 1.3.3). We are sorry for this new inconvenience. +
    Handler libraries have been totally rewritten. If you've made custom handlers, they must be rewritten. See customhandlers
    -
    +
    diff --git a/doc/pages/documentation/current/writingrulesand_headers.html b/doc/pages/documentation/current/writingrulesand_headers.html index 2fe6913e2..a231e79f7 100644 --- a/doc/pages/documentation/current/writingrulesand_headers.html +++ b/doc/pages/documentation/current/writingrulesand_headers.html @@ -4,7 +4,7 @@ documentation:2.0:writingrulesand_headers - + @@ -43,6 +43,19 @@
    + +
    +

    Table of Contents

    +
    + + +
    +
    +

    Writing rules and headers

    @@ -122,17 +135,20 @@ Rules can also be used to intercept logout Logout user from Lemonldap::NG and redirect it to http://intranet/ ^/index.php\?logout logout_sso http://intranet/ - Logout user from current application and redirect it to the menu ^/index.php\?logout logout_app https://auth.example.com/ + Logout user from current application and redirect it to the menu (Apache only) ^/index.php\?logout logout_app https://auth.example.com/ - Logout user from current application and from Lemonldap::NG and redirect it to http://intranet/ ^/index.php\?logout logout_app_sso http://intranet/ + Logout user from current application and from Lemonldap::NG and redirect it to http://intranet/ (Apache only) ^/index.php\?logout logout_app_sso http://intranet/
    -
    By default, user will be redirected on portal if no URL defined, or on the specified URL if any. -
    Only current application is concerned by logout_app* targets. Be careful with some applications which doesn't verify Lemonldap::NG headers after having created their own cookies. If so, you can redirect users to a HTML page that explain that it is safe to close browser after disconnect. + +

    +By default, user will be redirected on portal if no URL defined, or on the specified URL if any. +

    +
    Only current application is concerned by logout_app* targets. Be careful with some applications which doesn't verify Lemonldap::NG headers after having created their own cookies. If so, you can redirect users to a HTML page that explain that it is safe to close browser after disconnect.
    - +

    Headers

    @@ -162,7 +178,7 @@ Examples: Give a non ascii data Display-Name encode_base64($givenName." ".$surName)
    - +

    As described in performances chapter, you can use macros, local macros,…

    @@ -178,6 +194,21 @@ As described in
    + +

    Available functions

    +
    + +

    +In addition to macros and name, you can use some functions in rules and headers: +

    +     + +
    + diff --git a/omegat.files/fr/fr-level1.tmx b/omegat.files/fr/fr-level1.tmx index 64331fe4c..7155dd5fd 100644 --- a/omegat.files/fr/fr-level1.tmx +++ b/omegat.files/fr/fr-level1.tmx @@ -866,6 +866,14 @@ chown www-data:www-data /var/lib/lemonldap-ng/sessions /var/lib/lemonldap-ng/ses Voir Écrire des règles et des en-têtes pour savoir comment configurer le contrôle d'accès et les en-têtes HTTP transmis à l'application par LL::NG. + + + documentation/latest/applications/zimbra.html + + + documentation/latest/applications/zimbra.html + + APT-GET @@ -5028,14 +5036,6 @@ $WebserverAuth_autouserprofile = Array( Si l'explorateur de sessions est sur le même serveur que le portail, utiliser soit la terminaison adminSessions dans la configuration eu manager, ou surcharger les paramètres globalStorage et globalStorageOptions dans la section all (et pas portal) de lemonldap-ng.ini. - - - BrowserID (Mozilla Persona) - - - BrowserID (Mozilla Persona) - - Build: @@ -6608,6 +6608,14 @@ cda = 1 Ce type de mécanisme SSO n'est pas parfait et peut générer des problèmes tels des blocages de mots-de-passe, sessions locales mal closes, etc... + + + documentation:latest:applications:zimbra + + + documentation:latest:applications:zimbra + + KERB_AUTH: AD account to generate the keytab for LL::NG server (in single mode) @@ -14214,14 +14222,6 @@ portalSkin = dark Affiche le module de changement de mot-de-passe - - - Logout user from current application and from Lemonldap::NG and redirect it to http://intranet/ - - - Déconnecte l'utilisateur de l'application courante et de Lemonldap::NG le redirige vers http://intranet/ - - With YUM @@ -33172,14 +33172,6 @@ maxretry = 3 $uid eq "bart.simpson" - - - Logout user from current application and redirect it to the menu - - - Déconnecte l'utilisateur de l'application courante et le redirige vers le menu - - Just run the tar command: diff --git a/omegat.files/fr/fr-level2.tmx b/omegat.files/fr/fr-level2.tmx index c5f0d50f7..013217cfd 100644 --- a/omegat.files/fr/fr-level2.tmx +++ b/omegat.files/fr/fr-level2.tmx @@ -866,6 +866,14 @@ chown www-data:www-data /var/lib/lemonldap-ng/sessions /var/lib/lemonldap-ng/ses Voir <s0><a1>Écrire des règles et des en-têtes</a1></s0> pour savoir comment configurer le contrôle d'accès et les en-têtes HTTP transmis à l'application par <a2>LL::NG</a2>. + + + documentation/latest/applications/zimbra.html + + + documentation/latest/applications/zimbra.html + + APT-GET @@ -5028,14 +5036,6 @@ ignoreregex = Si l'explorateur de sessions est sur le même serveur que le portail, utiliser soit la terminaison <s0>adminSessions</s0> dans la configuration eu manager, ou surcharger les paramètres <c1>globalStorage</c1> et <c2>globalStorageOptions</c2> dans la section all (et pas portal) de <c3>lemonldap-ng.ini</c3>. - - - BrowserID (Mozilla Persona) - - - BrowserID (Mozilla Persona) - - Build: @@ -6608,6 +6608,14 @@ DataSource -> dbi:mysql:sessions;host=... Ce type de mécanisme <a0>SSO</a0> n'est pas parfait et peut générer des problèmes tels des blocages de mots-de-passe, sessions locales mal closes, etc... + + + documentation:latest:applications:zimbra + + + documentation:latest:applications:zimbra + + <s0>KERB_AUTH</s0>: AD account to generate the keytab for <a1>LL::NG</a1> server (in single mode) @@ -14214,14 +14222,6 @@ openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out ce Affiche le module de changement de mot-de-passe - - - Logout user from current application and from Lemonldap::NG and redirect it to http://intranet/ - - - Déconnecte l'utilisateur de l'application courante et de Lemonldap::NG le redirige vers http://intranet/ - - With YUM @@ -33172,14 +33172,6 @@ maxretry = 3 $uid eq "bart.simpson" - - - Logout user from current application and redirect it to the menu - - - Déconnecte l'utilisateur de l'application courante et le redirige vers le menu - - Just run the tar command: diff --git a/omegat.files/fr/fr-omegat.tmx b/omegat.files/fr/fr-omegat.tmx index 52c3438bd..11a489e66 100644 --- a/omegat.files/fr/fr-omegat.tmx +++ b/omegat.files/fr/fr-omegat.tmx @@ -866,6 +866,14 @@ chown www-data:www-data /var/lib/lemonldap-ng/sessions /var/lib/lemonldap-ng/ses Voir <s0><a1>Écrire des règles et des en-têtes</a1></s0> pour savoir comment configurer le contrôle d'accès et les en-têtes HTTP transmis à l'application par <a2>LL::NG</a2>. + + + documentation/latest/applications/zimbra.html + + + documentation/latest/applications/zimbra.html + + APT-GET @@ -5028,14 +5036,6 @@ ignoreregex = Si l'explorateur de sessions est sur le même serveur que le portail, utiliser soit la terminaison <s0>adminSessions</s0> dans la configuration eu manager, ou surcharger les paramètres <c1>globalStorage</c1> et <c2>globalStorageOptions</c2> dans la section all (et pas portal) de <c3>lemonldap-ng.ini</c3>. - - - BrowserID (Mozilla Persona) - - - BrowserID (Mozilla Persona) - - Build: @@ -6608,6 +6608,14 @@ DataSource -> dbi:mysql:sessions;host=... Ce type de mécanisme <a0>SSO</a0> n'est pas parfait et peut générer des problèmes tels des blocages de mots-de-passe, sessions locales mal closes, etc... + + + documentation:latest:applications:zimbra + + + documentation:latest:applications:zimbra + + <s0>KERB_AUTH</s0>: AD account to generate the keytab for <a1>LL::NG</a1> server (in single mode) @@ -14214,14 +14222,6 @@ openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out ce Affiche le module de changement de mot-de-passe - - - Logout user from current application and from Lemonldap::NG and redirect it to http://intranet/ - - - Déconnecte l'utilisateur de l'application courante et de Lemonldap::NG le redirige vers http://intranet/ - - With YUM @@ -33172,14 +33172,6 @@ maxretry = 3 $uid eq "bart.simpson" - - - Logout user from current application and redirect it to the menu - - - Déconnecte l'utilisateur de l'application courante et le redirige vers le menu - - Just run the tar command: diff --git a/omegat.files/fr/omegat/project_stats.txt b/omegat.files/fr/omegat/project_stats.txt index ea3340b57..b9b0698ea 100644 --- a/omegat.files/fr/omegat/project_stats.txt +++ b/omegat.files/fr/omegat/project_stats.txt @@ -1,11 +1,11 @@ -07/02/17 23:34 +11/02/17 11:15 Données du projet Segments Mots Caractères (sans espaces) Caractères (avec espaces) -Total : 14928 65163 456143 497568 -Restants : 7178 24790 210067 220602 -Segments uniques : 7228 46991 305273 341582 -Segments uniques restants : 3056 14965 119011 128241 +Total : 15082 65889 461157 503018 +Restants : 7314 25477 214667 225631 +Segments uniques : 7315 47534 308737 345416 +Segments uniques restants : 3144 15529 122552 132176 Statistiques par fichiers : @@ -62,21 +62,21 @@ pages/documentation/current/authapache.html pages/documentation/current/authbrowserid.html 47 11 26 5 287 27 229 11 1983 251 1452 119 2161 251 1622 119 pages/documentation/current/authcas.html 87 19 40 9 405 58 290 32 2675 479 1686 252 2942 495 1907 266 pages/documentation/current/authchoice.html 55 13 30 5 252 37 210 17 1588 316 1228 146 1767 323 1401 153 -pages/documentation/current/authcombination.html 132 93 89 77 670 556 598 521 3806 3068 3207 2784 4330 3518 3714 3227 +pages/documentation/current/authcombination.html 164 116 107 95 808 658 690 613 4722 3705 3751 3328 5344 4226 4328 3841 pages/documentation/current/authdbi.html 156 26 85 16 507 57 398 33 3385 492 2461 290 3687 503 2747 299 pages/documentation/current/authdemo.html 50 12 22 4 186 39 141 19 1165 304 803 130 1277 314 911 140 pages/documentation/current/authfacebook.html 54 18 31 11 309 104 253 82 1967 669 1457 476 2176 734 1659 541 pages/documentation/current/authldap.html 145 38 79 14 882 128 719 80 5673 1219 4322 753 6306 1272 4905 804 pages/documentation/current/authmulti.html 15 12 3 2 48 42 21 18 362 326 125 104 378 340 141 118 pages/documentation/current/authnull.html 30 9 9 1 121 23 82 3 791 192 473 26 869 192 544 26 -pages/documentation/current/authopenid.html 63 19 36 9 280 73 222 49 1810 547 1317 328 1991 577 1488 358 +pages/documentation/current/authopenid.html 63 19 32 5 280 73 214 41 1810 547 1217 228 1991 577 1388 258 pages/documentation/current/authopenidconnect_franceconnect.html 59 29 36 15 337 114 271 70 2712 1438 2092 955 2895 1445 2263 960 pages/documentation/current/authopenidconnect_google.html 71 33 34 16 373 88 236 33 2655 1043 1583 441 2879 1045 1750 441 pages/documentation/current/authopenidconnect.html 244 102 138 60 1030 268 820 160 6702 2615 4889 1474 7369 2688 5523 1540 pages/documentation/current/authproxy.html 62 29 29 20 297 174 231 151 1950 1161 1424 972 2147 1276 1605 1085 pages/documentation/current/authradius.html 46 13 20 5 190 29 130 9 1313 279 858 121 1426 281 955 121 pages/documentation/current/authremote.html 101 31 55 11 591 85 491 41 3785 941 2927 491 4221 959 3339 507 -pages/documentation/current/authsaml.html 147 36 74 16 930 157 733 112 5589 1233 4103 808 6316 1323 4741 896 +pages/documentation/current/authsaml.html 147 36 73 15 930 157 732 111 5589 1233 4090 795 6316 1323 4728 883 pages/documentation/current/authslave.html 54 13 22 5 282 61 211 41 1643 410 1123 235 1850 440 1305 265 pages/documentation/current/authssl.html 166 97 110 68 834 300 683 227 5730 2593 4546 1970 6228 2689 5008 2059 pages/documentation/current/authtwitter.html 44 9 18 3 206 23 132 7 1404 204 786 74 1532 204 886 74 @@ -88,10 +88,10 @@ pages/documentation/current/cda.html pages/documentation/current/changeconfbackend.html 48 21 32 14 170 45 135 26 1234 484 1011 333 1323 486 1094 333 pages/documentation/current/configapache.html 34 19 25 13 194 65 173 49 1284 470 1125 339 1390 501 1231 370 pages/documentation/current/configlocation.html 479 204 356 126 2366 666 2067 505 16459 6024 14011 4456 18293 6409 15687 4771 -pages/documentation/current/confignginx.html 30 18 15 8 198 135 165 109 1444 1071 1203 868 1528 1111 1284 905 +pages/documentation/current/confignginx.html 46 32 24 17 262 195 206 150 1930 1531 1531 1196 2057 1614 1643 1264 pages/documentation/current/configvhost.html 245 143 105 58 979 403 597 199 7793 4343 4207 2031 8490 4557 4639 2125 pages/documentation/current/customfunctions.html 76 30 45 15 381 88 300 52 2765 893 2086 527 3006 919 2303 551 -pages/documentation/current/customhandlers.html 22 20 14 14 126 123 107 107 762 747 614 614 851 836 703 703 +pages/documentation/current/customhandlers.html 55 51 39 39 378 367 328 328 2378 2271 2034 2034 2620 2513 2259 2259 pages/documentation/current/docker.html 33 19 19 10 166 80 131 53 1243 711 927 468 1319 733 1003 490 pages/documentation/current/documentation/captcha.png_documentation_2.0_captcha.html 37 34 9 9 84 80 24 24 692 675 224 224 701 684 230 230 pages/documentation/current/documentation/configuration-ldap.png_documentation_2.0_ldapconfbackend.html 37 33 11 10 85 79 28 26 822 769 333 297 831 778 339 303 @@ -124,7 +124,8 @@ pages/documentation/current/federationproxy.html pages/documentation/current/fileconfbackend.html 22 11 9 1 95 27 67 3 688 273 420 33 742 273 474 33 pages/documentation/current/filesessionbackend.html 36 11 19 3 181 27 145 7 1224 291 909 95 1319 291 1003 95 pages/documentation/current/formreplay.html 78 21 44 10 594 50 509 23 3225 510 2546 260 3704 517 2994 267 -pages/documentation/current/handlerauthbasic.html 73 44 28 17 319 138 228 77 2391 1307 1460 662 2630 1389 1664 726 +pages/documentation/current/handlerarch.html 43 38 30 28 131 119 105 97 940 828 725 640 998 886 783 698 +pages/documentation/current/handlerauthbasic.html 73 44 26 15 319 138 224 73 2391 1307 1405 607 2630 1389 1609 671 pages/documentation/current/header_remote_user_conversion.html 41 23 20 8 233 72 182 36 1755 807 1217 381 1910 836 1364 402 pages/documentation/current/highavailability.html 27 13 15 7 135 35 105 19 1057 444 777 309 1129 444 849 309 pages/documentation/current/icons/access.png_documentation_2.0_start.html 37 33 9 8 85 79 26 24 657 624 219 203 666 633 225 209 @@ -181,7 +182,7 @@ pages/documentation/current/resetpassword.html pages/documentation/current/restsessionbackend.html 65 46 36 33 401 348 348 319 2642 2255 2201 1970 2935 2521 2486 2234 pages/documentation/current/safejail.html 35 13 17 1 125 31 85 3 852 302 485 26 916 302 549 26 pages/documentation/current/samlservice.html 329 104 167 49 1650 385 1228 269 10587 2864 7381 1833 11781 3095 8386 2044 -pages/documentation/current/securetoken.html 54 28 21 12 312 123 236 93 2046 977 1480 718 2282 1050 1685 789 +pages/documentation/current/securetoken.html 54 28 19 10 312 123 232 89 2046 977 1435 673 2282 1050 1640 744 pages/documentation/current/security.html 247 104 152 62 1404 484 1175 378 9244 4011 7211 2823 10262 4303 8176 3102 pages/documentation/current/selfmadeapplication.html 72 23 37 9 343 99 262 65 2265 784 1496 411 2469 829 1689 454 pages/documentation/current/selinux.html 26 24 14 14 77 74 47 47 556 541 349 349 591 576 377 377 @@ -193,9 +194,9 @@ pages/documentation/current/soapsessionbackend.html pages/documentation/current/sqlconfbackend.html 69 32 44 20 319 122 258 92 2082 915 1574 639 2299 976 1776 695 pages/documentation/current/sqlsessionbackend.html 119 29 52 11 557 104 334 59 3751 747 2054 338 4057 800 2292 384 pages/documentation/current/ssocookie.html 60 17 32 4 436 67 364 36 2393 502 1871 238 2740 530 2195 266 -pages/documentation/current/start.html 587 331 130 68 1310 756 530 208 11708 7948 3658 1731 12143 8048 4001 1821 +pages/documentation/current/start.html 584 330 130 69 1307 756 531 212 11665 7931 3665 1763 12101 8034 4009 1856 pages/documentation/current/status.html 62 21 30 7 312 71 248 41 2008 539 1486 300 2182 565 1654 324 -pages/documentation/current/u2f.html 44 38 24 24 224 215 180 180 1409 1342 1052 1052 1562 1493 1200 1200 -pages/documentation/current/upgrade.html 83 73 41 41 413 397 302 302 2635 2502 1689 1689 2932 2794 1942 1942 +pages/documentation/current/u2f.html 51 43 28 28 274 259 217 217 1761 1638 1297 1297 1942 1813 1469 1469 +pages/documentation/current/upgrade.html 94 84 46 46 462 446 337 337 3045 2912 1929 1929 3371 3233 2209 2209 pages/documentation/current/variables.html 174 48 96 26 524 131 401 85 3333 985 2353 577 3658 1044 2653 632 -pages/documentation/current/writingrulesand_headers.html 110 32 61 12 571 175 468 127 3675 1370 2710 807 4082 1479 3097 916 +pages/documentation/current/writingrulesand_headers.html 125 47 66 19 616 244 496 181 4012 1832 2878 1112 4445 1989 3288 1266 diff --git a/po-doc/fr/pages/documentation/current/applications/img/icons.png b/po-doc/fr/pages/documentation/current/applications/img/icons.png index b80f7eeab..b15e5434c 100644 --- a/po-doc/fr/pages/documentation/current/applications/img/icons.png +++ b/po-doc/fr/pages/documentation/current/applications/img/icons.png @@ -90,7 +90,7 @@ +
    • @@ -204,7 +204,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio -
    +
    diff --git a/po-doc/fr/pages/documentation/current/applications/img/loader.gif b/po-doc/fr/pages/documentation/current/applications/img/loader.gif index c5051a240..4232f42cf 100644 --- a/po-doc/fr/pages/documentation/current/applications/img/loader.gif +++ b/po-doc/fr/pages/documentation/current/applications/img/loader.gif @@ -90,7 +90,7 @@ +
    • @@ -204,7 +204,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio -
    +
    diff --git a/po-doc/fr/pages/documentation/current/authcombination.html b/po-doc/fr/pages/documentation/current/authcombination.html index 982101af8..bdb067230 100644 --- a/po-doc/fr/pages/documentation/current/authcombination.html +++ b/po-doc/fr/pages/documentation/current/authcombination.html @@ -65,6 +65,7 @@
  • Problèmes connus
    • @@ -295,7 +296,30 @@ The following rule is valid:
    -

    Authentification AuthApache

    +

    Federation protocols

    +
    + +

    +SAML, OpenID-Connect, CAS or old OpenID can't be chained with a “and” for authentication part. So “[SAML] and [LDAP]” isn't valid. This is because their authentication kinematic don't use the same steps. + +

    +
    + + + + + + + + + + + +
    Bad expression Solution Explanation
    [SAML] and [LDAP] [SAML, SAML and LDAP] Authentication is done by SAML only but user must match an LDAP entry
    [SAML] and [LDAP] or [LDAP] [SAML, SAML and LDAP] or [LDAP] Authentication is done by SAML or LDAP but user must match an LDAP entry
    + +
    + +

    Authentification AuthApache

    @@ -311,16 +335,16 @@ Example: [ Apache and LDAP, LDAP ] Pour outrepasser ceci, suivre la documentation du module AuthApache

    -
    + -

    Authentification SSL

    +

    Authentification SSL

    Pour chaîner SSL, il est nécessaire de mettre “SSLRequire optional” dans le fichier de configuration Apache, sinon les utilisateurs ne seront authentifiés que par SSL.

    -
    + diff --git a/po-doc/fr/pages/documentation/current/bootswatch/3.3.4/flatly/bootstrap.min.css b/po-doc/fr/pages/documentation/current/bootswatch/3.3.4/flatly/bootstrap.min.css index 76a6d3ca3..4f8fb9a89 100644 --- a/po-doc/fr/pages/documentation/current/bootswatch/3.3.4/flatly/bootstrap.min.css +++ b/po-doc/fr/pages/documentation/current/bootswatch/3.3.4/flatly/bootstrap.min.css @@ -90,7 +90,7 @@ +
    • @@ -204,7 +204,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio -
    +
    diff --git a/po-doc/fr/pages/documentation/current/confignginx.html b/po-doc/fr/pages/documentation/current/confignginx.html index e4cd4a9a0..31a0f90ed 100644 --- a/po-doc/fr/pages/documentation/current/confignginx.html +++ b/po-doc/fr/pages/documentation/current/confignginx.html @@ -11,7 +11,7 @@ //else --> - + @@ -50,10 +50,16 @@
    @@ -65,7 +71,46 @@
    -

    Fichiers

    +

    FastCGI server

    +
    + +

    + +To use Nginx, you must install LemonLDAP::NG FastCGI server, which is not installed by default lemonldap-ng meta package. + +

    + +
    + +

    Debian/Ubuntu

    +
    +
    apt install lemonldap-ng-fastcgi-server
    + +

    + +Enable and start the service : + +

    +
    systemctl enable llng-fastcgi-server
+systemctl start llng-fastcgi-server
    + +
    + +

    Red Hat/CentOS

    +
    +
    yum install lemonldap-ng-fastcgi-server
    + +

    + +Enable and start the service : + +

    +
    systemctl enable llng-fastcgi-server
+systemctl start llng-fastcgi-server
    + +
    + +

    Fichiers

    @@ -76,9 +121,9 @@ Depuis une installation par les sources, les fichiers de configuration de Nginx Il faut les inclure dans la configuration de Nginx, par exemple :

    -
    + -

    Debian/Ubuntu

    +

    Debian/Ubuntu

    @@ -97,9 +142,9 @@ ln -s /etc/nginx/sites-available/manager-nginx.conf /etc/nginx/sites-enabled/ ln -s /etc/nginx/sites-available/portal-nginx.conf /etc/nginx/sites-enabled/ ln -s /etc/nginx/sites-available/test-nginx.conf /etc/nginx/sites-enabled/ -

    + -

    Red Hat/CentOS

    +

    Red Hat/CentOS

    @@ -110,7 +155,7 @@ ln -s /etc/lemonldap-ng/manager-nginx.conf /etc/nginx/conf.d/ ln -s /etc/lemonldap-ng/portal-nginx.conf /etc/nginx/conf.d/ ln -s /etc/lemonldap-ng/test-nginx.conf /etc/nginx/conf.d/ -

    + diff --git a/po-doc/fr/pages/documentation/current/customhandlers.html b/po-doc/fr/pages/documentation/current/customhandlers.html index 969859771..5756547d7 100644 --- a/po-doc/fr/pages/documentation/current/customhandlers.html +++ b/po-doc/fr/pages/documentation/current/customhandlers.html @@ -11,7 +11,7 @@ //else --> - + @@ -43,35 +43,130 @@ -
    +
    + +
    +

    Table of Contents

    + +
    +

    Custom handlers

    -LLNG provides Perl libraries that can be easily used by inheritance. To launch them: +LLNG provides Perl libraries that can be easily used by inheritance. So you can write your own handlers but you need first to understand Handler architecture +

    + +
    + +

    Add a new handler type

    +
    +
      +
    1. Write your new Module (in Lemonldap/NG/Handler/Lib for example) that overload some Lemonldap::NG::Handler::Main methods
      +
      2. +
    2. Write a wrapper in each platform directory (see Lemonldap::NG::Handler::Apache2::AuthBasic or Lemonldap::NG::Handler::Server::AuthBasic for examples)
      +
      3. +
    + +

    + +Wrapper usually look at this: + +

    +
    package Lemonldap::NG::Handler::ApacheMP2::MyType;
+ 
+use base 'Lemonldap::NG::Handler::ApacheMP2::Main', 'Lemonldap::NG::Handler::Lib::MyType';
+ 
+1;
    + +
    + +

    Enable it

    +
    + +

    + +You can enable it either:

      -
    • with Apache: replace simply Lemonldap::NG::Handler by your own package in Apache configuration file
      +
    • by setting a “PerlSetVar” in the Apache configuration file
      • -
    • with Nginx: you can declare them as follow.
      +
    • by adding it to the menu: add its name in vhostType “select” declaration (file lemonldap-ng-manager/lib/Lemonldap/NG/Build/Attributes) and rebuild LLNG
    -
    +
    -

    Use custom handler with Nginx

    +

    Add a new platform

    +LLNG provides 3 platforms: + +

    +
      +
    • ApacheMP2
      +
      • +
    • FastCGI server (Nginx is build from there)
      +
      • +
    • Auto-protected PSGI
      +
      • +
    + +

    + +If you want to add another, you must write: + +

    +
      +
    • the platform launcher file that launch the required type (see lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2 file for example)
      +
      • +
    • write the main platform file (Lemonldap::NG::Handler::MyPlatform::Main) that provides required method (see lemonldap-ng-handler/lib/Lemonldap/NG/Handler/*/Main for examples) and inherits from Lemonldap::NG::Handler::Main
      +
      • +
    • write the “type” wrapper files (AuthBasic,…).
      +
      • +
    + +

    + +Wrapper usually look at this: + +

    +
    package Lemonldap::NG::Handler::MyPlatform::AuthBasic;
+ 
+use base 'Lemonldap::NG::Handler::MyPlatform::Main', 'Lemonldap::NG::Handler::Lib::AuthBasic';
+ 
+1;
    + +
    + +

    Old fashion Nginx handlers

    +
    +
    There is no need to use this feature now. It is kept for compatibility. + +
    +

    + Three actions are needed:

      -
    • declare them in the manager “General Parameters » Advanced Parameters » Custom handlers (Nginx)”. Key is the name that will be used below and value is the name of the custom package,
      +
    • declare your own module in the manager “General Parameters » Advanced Parameters » Custom handlers (Nginx)”. Key is the name that will be used below and value is the name of the custom package,
    • in your Nginx configuration file, add LLTYPE=<name>; in the location = /lmauth {…} paragraph
      • @@ -79,7 +174,7 @@ Three actions are needed:
    -
    +
    diff --git a/po-doc/fr/pages/documentation/current/handlerarch.html b/po-doc/fr/pages/documentation/current/handlerarch.html new file mode 100644 index 000000000..f6fd01b2e --- /dev/null +++ b/po-doc/fr/pages/documentation/current/handlerarch.html @@ -0,0 +1,110 @@ + + + + + + documentation:2.0:handlerarch + + + + + + + + + + + + + + + + + + + + +
    + +

    Handler architecture

    +
    + +

    + +Handlers are build on rows of modules: + +

    +
      +
    • Applications or launchers that get the request and choose the good type (Main, AuthBasic, ZimbraPreAuth,…) and launch it (may not inherits of other Handler::* modules)
      +
      • +
    • Wrappers that call “type” library and platform “Main” (may all inherits from Platform::Main)
      +
      • +
    • library types if needed (may inherits from Main)
      +
      • +
    • Main: the main handler library
      +
      • +
    + +
    + +

    Overview of Handler packages

    +
    +
    + + + + + + + + + + + + + + + + + +
    Platform Wrapper Types Main
    Applications Launchers
    ApacheMP2 ApacheMP2::<type> Lib::<type> Main
    Server Server::<type>
    PSGI PSGI::<type>
    + +

    + +Types are: + +

    + + +
    +
    + + diff --git a/po-doc/fr/pages/documentation/current/restserverplugin b/po-doc/fr/pages/documentation/current/restserverplugin index 8b18718d8..36a04f6ec 100644 --- a/po-doc/fr/pages/documentation/current/restserverplugin +++ b/po-doc/fr/pages/documentation/current/restserverplugin @@ -90,7 +90,7 @@ +
    • @@ -204,7 +204,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio -
    +
    diff --git a/po-doc/fr/pages/documentation/current/selfmadeapplication.html b/po-doc/fr/pages/documentation/current/selfmadeapplication.html index 409220bb7..fd520d65d 100644 --- a/po-doc/fr/pages/documentation/current/selfmadeapplication.html +++ b/po-doc/fr/pages/documentation/current/selfmadeapplication.html @@ -11,7 +11,7 @@ //else --> - + diff --git a/po-doc/fr/pages/documentation/current/start.html b/po-doc/fr/pages/documentation/current/start.html index b6265230c..17f68055a 100644 --- a/po-doc/fr/pages/documentation/current/start.html +++ b/po-doc/fr/pages/documentation/current/start.html @@ -241,87 +241,84 @@ Apache (Kerberos, NTLM, OTP, ...) ✔ - BrowserID (Mozilla Persona) ✔ - - CAS ✔ - + Bases de données (DBI) ✔ ✔ ✔ - + Démonstration ✔ ✔ ✔ - + Facebook ✔ ✔ - + LDAP ✔ ✔ ✔ - + Null ✔ ✔ ✔ - + OpenID Connect ✔ ✔ - + Proxy LL::NG ✔ ✔ - + Radius ✔ - + SAML 2.0 / Shibboleth ✔ ✔ - + Slave ✔ ✔ - + SSL ✔ - + Twitter ✔ - + WebID ✔ ✔ - + Yubikey ✔ - + Combo Backends Authentification Utilisateurs Mot-de-passe - + Choice by users ✔ ✔ ✔ - + Combination of auth schemes ✔ ✔ - - Empiler de multiples backends + + Empiler de multiples backends Deprecated, replaced by Combination - + Obsolete Backends Authentification Utilisateurs Mot-de-passe - + OpenID ✔ ✔ - + LL::NG distant ✔ ✔ - + Second factor Authentification - + U2F ✔ -
    +

    - +

    Base de données de la configuration

    @@ -356,14 +353,14 @@ SOAP ✔ Backend proxy à utiliser avec un autre backend de configuration.
    Peut être utilisé pour sécuriser un autre backend pour des serveurs distants. -
    +
    On ne peut démarrer avec une configuration vide, il faut donc lire comment changer de backend de configuration pour convertir une configuration existante en une autre.

    - +

    Base de données des sessions

    @@ -404,13 +401,13 @@ Les sessions sont stockées en utilisant les modules de la famille SOAP ✔ ✔ ✔ ✔ Backend proxy à utiliser avec un autre backend de sessions.
    Peut être utilisé pour sécuriser un autre backend pour des serveurs distants. -
    +

    - +

    Fournisseur d'identité

    @@ -444,7 +441,7 @@ Les sessions sont stockées en utilisant les modules de la famille +

    Protection des applications

    @@ -473,7 +470,7 @@ Les sessions sont stockées en utilisant les modules de la famille +

    Well known compatible applications

    @@ -548,7 +545,7 @@ Les sessions sont stockées en utilisant les modules de la famille +

    Fonctionnalités avancées

    @@ -595,7 +592,7 @@ Les sessions sont stockées en utilisant les modules de la famille +

    Mini howtos

    @@ -626,7 +623,7 @@ Les sessions sont stockées en utilisant les modules de la famille +

    Exploitation

    @@ -659,7 +656,7 @@ Les sessions sont stockées en utilisant les modules de la famille +
    diff --git a/po-doc/fr/pages/documentation/current/u2f.html b/po-doc/fr/pages/documentation/current/u2f.html index b3c00b378..0aac17f3e 100644 --- a/po-doc/fr/pages/documentation/current/u2f.html +++ b/po-doc/fr/pages/documentation/current/u2f.html @@ -50,6 +50,7 @@
    -

    Configuration

    +

    Pré-requis et dépendances

    +
    + +

    + +This feature uses Crypt::U2F::Server::Simple that is available only via CPAN for now. Before compiling it, you must install Yubico's C library headers (called libu2f-server-dev on Debian). + +

    + +
    + +

    Configuration

    @@ -91,9 +103,9 @@ In the manager (advanced parameters), you just have to enable it: -

    + -

    Assistance

    +

    Assistance

    @@ -102,9 +114,9 @@ If a user lost its key, you may remove it's persistent session using the session

    -
    + -

    Developer corner

    +

    Developer corner

    @@ -112,7 +124,7 @@ If a user lost its key, you may remove it's persistent session using the session If you have another U2F registration interface, you have to populate session (using exported variables) to set these keys:

    -
    +
    @@ -124,7 +136,7 @@ If you have another U2F registration interface, you have to populate session (us -
    Nom Value
    _u2fUserKey user key value, base64 encoded
    +

    @@ -132,7 +144,7 @@ Note that both “origin” and “appId” are fixed to portal + diff --git a/po-doc/fr/pages/documentation/current/upgrade.html b/po-doc/fr/pages/documentation/current/upgrade.html index 26752aba8..d2ef9e764 100644 --- a/po-doc/fr/pages/documentation/current/upgrade.html +++ b/po-doc/fr/pages/documentation/current/upgrade.html @@ -52,6 +52,7 @@

    • Configuration
    • Sécurité
      • +
    • Rules and headers
    • Supported servers
    • SOAP/REST services
    • Developer corner
      @@ -83,11 +84,12 @@
      Apache-ModPerl is no longer usable since version 2.4 (many segfaults,…). LLNG doesn't use anymore ModPerl::Registry: all is now handle by FastCGI (portal and manager).

      -For handlers, it is now recommended to migrate to Nginx ! +For handlers, it is now recommended to migrate to Nginx, but Apache-2 is still supported +

      - +

      Sécurité

      @@ -104,18 +106,27 @@ LLNG portal now embeds the following features:
    - + -

    Supported servers

    +

    Rules and headers

    +
    +
      +
    • pseudo variable $ip is replaced by remote_ip() function in rules and headers. Note that session variable $ipAddr (remote address seen by portal) is still available
      +
      • +
    + +
    + +

    Supported servers

    • Apache-1.3 files are not provided now. You can build them yourself by looking at Apache-2 configuration files
    -
    + -

    SOAP/REST services

    +

    SOAP/REST services

    • SOAP server activation is now split in 2 parameters (configuration/sessions). You must set them else SOAP service will be disabled
      @@ -126,14 +137,14 @@ LLNG portal now embeds the following features:
    -
    + -

    Developer corner

    +

    Developer corner

    -
    + -

    APIs

    +

    APIs

    @@ -142,9 +153,9 @@ Portal has now many REST features and includes a plugin +

    -

    Portal overview

    +

    Portal overview

    @@ -168,14 +179,13 @@ The request is a separated object based on Lemonldap::NG::Portal::Main::Request

    -
    + -

    Agent (Handler)

    +

    Agent (Handler)

    -
    Handler libraries have been changed another time. Inheritance is back (like 1.3.3). We are sorry for this new inconvenience. - +
    Handler libraries have been totally rewritten. If you've made custom handlers, they must be rewritten. See customhandlers
    -
    +
    diff --git a/po-doc/fr/pages/documentation/current/writingrulesand_headers.html b/po-doc/fr/pages/documentation/current/writingrulesand_headers.html index 74e5a7f67..c7b169246 100644 --- a/po-doc/fr/pages/documentation/current/writingrulesand_headers.html +++ b/po-doc/fr/pages/documentation/current/writingrulesand_headers.html @@ -11,7 +11,7 @@ //else --> - + @@ -43,7 +43,20 @@ -
    +
    + +
    +

    Table of Contents

    + +
    +

    Écrire les règles et en-têtes

    @@ -127,16 +140,19 @@ Les règles peuvent également être utilisées pour intercepter les Déconnecte l'utilisateur de Lemonldap::NG le redirige vers http://intranet/ ^/index.php\?logout logout_sso http://intranet/ - Déconnecte l'utilisateur de l'application courante et le redirige vers le menu ^/index.php\?logout logout_app https://auth.example.com/ + Logout user from current application and redirect it to the menu (Apache only) ^/index.php\?logout logout_app https://auth.example.com/ - Déconnecte l'utilisateur de l'application courante et de Lemonldap::NG le redirige vers http://intranet/ ^/index.php\?logout logout_app_sso http://intranet/ + Logout user from current application and from Lemonldap::NG and redirect it to http://intranet/ (Apache only) ^/index.php\?logout logout_app_sso http://intranet/ -
    -
    Par défaut, l'utilisateur est redirigé vers le portail si aucune URL n'est définie ou vers l'URL indiquée sinon. -
    Seule l'application est concernée par les cibles logout_app*. Faire attention avec certaines applications qui ne vérifient pas les en-têtes Lemonldap::NG après avoir créé leurs propres cookies. Dans ce cas, il faut rediriger les utilisateurs vers une page HTML qui explique qu'il est préférable de clore son navigateur après déconnexion. +
    + +

    +Par défaut, l'utilisateur est redirigé vers le portail si aucune URL n'est définie ou vers l'URL indiquée sinon. +

    +
    Seule l'application est concernée par les cibles logout_app*. Faire attention avec certaines applications qui ne vérifient pas les en-têtes Lemonldap::NG après avoir créé leurs propres cookies. Dans ce cas, il faut rediriger les utilisateurs vers une page HTML qui explique qu'il est préférable de clore son navigateur après déconnexion.
    -
    +

    En-têtes

    @@ -166,7 +182,7 @@ Exemples : Done une valeur non-ascii Display-Name encode_base64($givenName." ".$surName) -
    +

    Comme indiqué au chapître performances, on peut utiliser des macros, macros locales,… @@ -182,7 +198,24 @@ Comme indiqué au Session-ID => $_session_id - + + +

    Available functions

    +
    + +

    + +In addition to macros and name, you can use some functions in rules and headers: + +

    +     + +