Doc update: Google Apps

Clément Oudot 2010-07-26 10:17:45 +00:00
parent bde14e8852
commit d295db2aa5
9 changed files with 334 additions and 11 deletions


@ -106,6 +106,9 @@
<li><a href="#HApplications22maison22">Applications
"maison"</a></li>
<li><a href="#HFournisseursdeserviceSAML">Fournisseurs de service
SAML</a></li>
</ul>
</li>
@ -417,7 +420,7 @@
</tr>
<tr class="table-even">
<td><strong class="strong">Gestion et de R&eacute;servations de
<td><strong class="strong">Gestion et R&eacute;servations de
Ressources</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/grr_logo.png" alt=
"grr_logo.png" /></td>
@ -535,6 +538,20 @@
<span class="wikiexternallink"><a href=
"http://www.drupal.org/">Official website</a></span></td>
</tr>
<tr class="table-odd">
<td><strong class="strong">OBM</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/obm_logo.png" alt=
"obm_logo.png" /></td>
<td>Groupware<br />
<br />
<span class="wikiexternallink"><a href=
"http://www.obm.org/doku.php?id=docs:configuration:lemonldap">SSO
procedure</a></span> (en)<br />
<span class="wikiexternallink"><a href="http://www.obm.org/">Official
website</a></span></td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HConnecteurs">Connecteurs</span></h4>
@ -589,7 +606,7 @@
"/xwiki/bin/view/NG/DocAppSpringSecurity">Proc&eacute;dure
SSO</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://static.springsource.org/spring-security/site/index.">Site web
"http://static.springsource.org/spring-security/site/">Site web
officiel</a></span></td>
</tr>
</table>
@ -598,11 +615,39 @@
"maison"</span></h4>
<ul class="star">
<li><span class="wikilink"><a href=
"/xwiki/bin/view/NG/DocAppSelfMade">Comment modifier mon application
?</a></span></li>
<li><span class="wikilink"><a href="5-Appli-self-made.html">Comment
modifier mon application ?</a></span></li>
</ul>
<h4 class="heading-1-1-1"><span id=
"HFournisseursdeserviceSAML">Fournisseurs de service SAML</span></h4>
<p class="paragraph"></p><i class="italic">Tous les fournisseurs de
service SAML 2.0 devraient fonctionner avec LemonLDAP::NG configur&eacute;
en fournisseur d'idenit&eacute;</i>
<p class="paragraph"></p>
<table class="wiki-table" cellpadding="0" cellspacing="0" border="0">
<tr>
<th>Application</th>
<th>Description</th>
</tr>
<tr class="table-odd">
<td><strong class="strong">Google Apps</strong><br />
<img src="googleapps_logo.png" alt="googleapps_logo.png" /></td>
<td>Gmail, Calendar, ...<br />
<br />
<span class="wikilink"><a href=
"5-Appli-Google-Apps.html">Proc&eacute;dure SSO</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://www.google.com/apps/">[Site officiel</a></span></td>
</tr>
</table>
<h3 class="heading-1-1"><span id="HAutres">Autres</span></h3><img src=
"tux_clemente_01.png" alt="tux_clemente_01.png" />


@ -101,6 +101,8 @@
<li><a href="#HConnectors">Connectors</a></li>
<li><a href="#HSelfmade">Self-made</a></li>
<li><a href="#HSAMLServiceProviders">SAML Service Providers</a></li>
</ul>
</li>
@ -406,7 +408,7 @@
</tr>
<tr class="table-even">
<td><strong class="strong">Gestion et de R&eacute;servations de
<td><strong class="strong">Gestion et R&eacute;servations de
Ressources</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/grr_logo.png" alt=
"grr_logo.png" /></td>
@ -522,6 +524,20 @@
<span class="wikiexternallink"><a href=
"http://www.drupal.org/">Official website</a></span></td>
</tr>
<tr class="table-odd">
<td><strong class="strong">OBM</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/obm_logo.png" alt=
"obm_logo.png" /></td>
<td>Groupware<br />
<br />
<span class="wikiexternallink"><a href=
"http://www.obm.org/doku.php?id=docs:configuration:lemonldap">SSO
procedure</a></span> (en)<br />
<span class="wikiexternallink"><a href="http://www.obm.org/">Official
website</a></span></td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HConnectors">Connectors</span></h4>
@ -573,7 +589,7 @@
"/xwiki/bin/view/NG/DocAppSpringSecurity">SSO procedure</a></span>
(en)<br />
<span class="wikiexternallink"><a href=
"http://static.springsource.org/spring-security/site/index.">Official
"http://static.springsource.org/spring-security/site/">Official
website</a></span></td>
</tr>
</table>
@ -581,11 +597,38 @@
<h4 class="heading-1-1-1"><span id="HSelfmade">Self-made</span></h4>
<ul class="star">
<li><span class="wikilink"><a href=
"/xwiki/bin/view/NG/DocAppSelfMade">How to modify my
application?</a></span></li>
<li><span class="wikilink"><a href="5-Appli-self-made.html">How to
modify my application?</a></span></li>
</ul>
<h4 class="heading-1-1-1"><span id="HSAMLServiceProviders">SAML Service
Providers</span></h4>
<p class="paragraph"></p><i class="italic">All SAML 2.0 Service Providers
should work with LemonLDAP::NG configured as Identity Provider</i>
<p class="paragraph"></p>
<table class="wiki-table" cellpadding="0" cellspacing="0" border="0">
<tr>
<th>Application</th>
<th>Description</th>
</tr>
<tr class="table-odd">
<td><strong class="strong">Google Apps</strong><br />
<img src="googleapps_logo.png" alt="googleapps_logo.png" /></td>
<td>Gmail, Calendar, ...<br />
<br />
<span class="wikilink"><a href="5-Appli-Google-Apps.html">SSO
procedure</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://www.google.com/apps/">[Official website</a></span></td>
</tr>
</table>
<h3 class="heading-1-1"><span id="HOthers">Others</span></h3><img src=
"tux_clemente_01.png" alt="tux_clemente_01.png" />


@ -0,0 +1,207 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 25 March 2009), see www.w3.org" />
<title>Lemonldap::NG documentation: 5-Appli-Google-Apps.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HGoogleApps">Google Apps</span></h2>
<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>
<p class="paragraph"></p>Google Apps can use SAML to authenticate users,
behaving as an SAML service provider, as explained here: <span class=
"wikiexternallink"><a href=
"http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html">
http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html</a></span>.
<p class="paragraph"></p>To work with LemonLDAP::NG it requires:
<ul class="star">
<li>An enterprise Google Apps account</li>
<li>LemonLDAP::NG 1.0 configured as Identity Provider</li>
<li>Registered users on Google Apps with the same email than those used
by LemonLDAP::NG (email will be the NameID exchanged between Google Apps
and LemonLDAP::NG)</li>
</ul>
<h3 class="heading-1-1"><span id=
"HConfiguration">Configuration</span></h3>
<h4 class="heading-1-1-1"><span id="HGoogleApps">Google Apps</span></h4>
<p class="paragraph"></p><strong class="strong">Note</strong>: this part
is based on SimpleSAMLPHP documentation: <span class=
"wikiexternallink"><a href=
"http://simplesamlphp.org/docs/1.6/simplesamlphp-googleapps">http://simplesamlphp.org/docs/1.6/simplesamlphp-googleapps</a></span>.
<p class="paragraph"></p>As administrator, go in Google Apps control panel
and clik on <strong class="strong">Advanced tools</strong>:
<p class="paragraph"></p><img src="googleapps-menu.png" alt=
"googleapps-menu.png" />
<p class="paragraph"></p>Then select "Set up single sign-on (SSO)":
<p class="paragraph"></p><img src=
"/xwiki/bin/download/NG/DocAppGoogleApps/googleapps-sso.png" alt=
"googleapps-sso.png" />
<p class="paragraph"></p>Now configure all SAML parameters:
<p class="paragraph"></p><img src=
"/xwiki/bin/download/NG/DocAppGoogleApps/googleapps-ssoconfig.png" alt=
"googleapps-ssoconfig.png" />
<ul class="star">
<li><strong class="strong">Enable Single Sign-On</strong>: check the
box. Uncheck it to disable SAML authentication (for example, if your
Identity Provider is down).</li>
<li><strong class="strong">Sign-in page URL</strong>: SSO access point
(HTTP-Redirect binding). Example: <span class="nobr"><a href=
"http://auth.example.com/saml/singleSignOn">http://auth.example.com/saml/singleSignOn</a></span></li>
<li><strong class="strong">Sign-out page URL</strong>: this in not the
SLO access point (Google Apps does not support SLO), but the main logout
page. Example: <span class="nobr"><a href=
"http://auth.example.com/?logout=1">http://auth.example.com/?logout=1</a></span></li>
<li><strong class="strong">Change password URL</strong>: where users can
change their password. Example: <span class="nobr"><a href=
"http://auth.example.com">http://auth.example.com</a></span></li>
</ul>For the certificate, you can build id from the signing private key
registered in Manager. Select the key, and export it (button
<strong class="strong">Download this file</strong>):
<p class="paragraph"></p><img src="googleapps-export-priv-key.png" alt=
"googleapps-export-priv-key.png" />
<p class="paragraph"></p>After choosing the file name (for example
lemonldapn-ng-priv.key), download the key on your disk.
<p class="paragraph"></p>The use openssl to generate an auto-signed
certificate:
<p class="paragraph"></p>
<div class="code">
<pre>
$ openssl req -<span class=
"java-keyword">new</span> -key lemonldap-ng-priv.key -out cert.csr
$ openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out cert.pem
</pre>
</div>
<p class="paragraph"></p>You can the upload the certificate (cert.pem) on
Google Apps.
<h4 class="heading-1-1-1"><span id=
"HLemonLDAP3A3ANG">LemonLDAP::NG</span></h4>
<p class="paragraph"></p>You should have configured LemonLDAP::NG as an
SAML Identity Provider, following <span class="wikilink"><a href=
"4.8-SAML-issuer-backend.html">this documentation</a></span>.
<p class="paragraph"></p>Now we will add Google Apps as a new SAML Service
Provider:
<ol>
<li>In Manager, click on <strong class="strong">SAML service
providers</strong> and the button <strong class="strong">New
metadatas</strong>.</li>
<li>Set <strong class="strong">GoogleApps</strong> as Service Provider
name.</li>
<li>Set <strong class="strong">Email</strong> in <strong class=
"strong">Options</strong> &gt; *Authentication Response* &gt;
<strong class="strong">Default NameID format</strong></li>
<li>Disable all signature flags in <strong class=
"strong">Options</strong> &gt; *Signature*, except <strong class=
"strong">Sign SSO message</strong> which should be to <strong class=
"strong">On</strong></li>
<li>Select <strong class="strong">Metadata</strong>, and unprotect the
field to paste the following value:</li>
</ol>
<div class="code">
<pre>
&lt;md:EntityDescriptor entityID=<span class=
"java-quote">"google.com"</span> xmlns=<span class=
"java-quote">"urn:oasis:names:tc:SAML:2.0:metadata"</span> xmlns:ds=<span class="java-quote">"http://www.w3.org/2000/09/xmldsig#"</span> xmlns:md=<span class="java-quote">"urn:oasis:names:tc:SAML:2.0:metadata"</span>&gt;
&lt;SPSSODescriptor protocolSupportEnumeration=<span class=
"java-quote">"urn:oasis:names:tc:SAML:2.0:protocol"</span>&gt;
&lt;AssertionConsumerService Binding=<span class=
"java-quote">"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"</span> Location=<span class="java-quote">"https://www.google.com/a/*mydomain.org*/acs"</span> index=<span class="java-quote">"1"</span> /&gt;
&lt;NameIDFormat&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/NameIDFormat&gt;
&lt;/SPSSODescriptor&gt;
&lt;/md:EntityDescriptor&gt;
</pre>
</div>
<p class="paragraph"></p>You just have to change <strong class=
"strong">mydomain.org</strong> into your Google Apps domain.
<p class="paragraph"></p>Then click on <strong class=
"strong">Apply</strong>, and <strong class="strong">Save</strong> to save
the whole configuration.
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
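Review bot: The example values for "Sign-in page URL", "Sign-out page URL" and "Change password URL" all use `http://auth.example.com/...`, although these endpoints carry the SAML exchange and the portal's login and password-change forms; the examples should show TLS, e.g. `https://auth.example.com/saml/singleSignOn`. The certificate step has the administrator download the Identity Provider's signing private key to disk and never says what happens to that copy, so I would add a sentence after the openssl commands such as `Only cert.pem is uploaded to Google Apps; remove the downloaded private key, or restrict its permissions, once the certificate has been generated.` The prose also names the file `lemonldapn-ng-priv.key` while both commands use `lemonldap-ng-priv.key`, so a reader who follows the text literally will find that openssl cannot open the key.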


@ -72,6 +72,9 @@
<li><a href="#HLINAGORAGroup">LINAGORA Group</a></li>
<li><a href="#HSGS">SGS</a></li>
<li><a href="#HSouthBayCommunityNetwork">South Bay Community
Network</a></li>
</ul>They use LemonLDAP::NG:
<h3 class="heading-1-1"><span id="HRC3A9gionBasseNormandie">R&eacute;gion
@ -169,6 +172,27 @@
<li>Nb protected applications: ~10</li>
</ul>
<h3 class="heading-1-1"><span id="HSouthBayCommunityNetwork">South Bay
Community Network</span></h3>
<ul class="star">
<li>Authentication portal: <span class="nobr"><a href=
"https://auth.sso.sbay.org/">https://auth.sso.sbay.org/</a></span></li>
<li>Applications: TikiWiki, ...</li>
</ul>Protected sites:
<ul class="star">
<li><span class="nobr"><a href=
"http://wiki.sbay.org/">http://wiki.sbay.org/</a></span></li>
<li><span class="nobr"><a href=
"http://www.linuxpicnic.org/">http://www.linuxpicnic.org/</a></span></li>
<li><span class="nobr"><a href=
"http://www.svwux.org/">http://www.svwux.org/</a></span></li>
</ul>
</div>
<p class="footer"><a href="index.html">Index</a></p>

Binary file not shown.


Width:  |  Height:  |  Size: 50 KiB

Binary file not shown.


Width:  |  Height:  |  Size: 9.1 KiB

Binary file not shown.


Width:  |  Height:  |  Size: 12 KiB


@ -109,6 +109,7 @@
<li><a href="5-Appli-Drupal.html">5 Appli Drupal</a></li>
<li><a href="5-Appli-GLPI.html">5 Appli GLPI</a></li>
<li><a href="5-Appli-GRR.html">5 Appli GRR</a></li>
<li><a href="5-Appli-Google-Apps.html">5 Appli Google Apps</a></li>
<li><a href="5-Appli-HTTP-Basic-Authentication.html">5 Appli HTTP Basic Authentication</a></li>
<li><a href="5-Appli-Liferay.html">5 Appli Liferay</a></li>
<li><a href="5-Appli-MediaWiki.html">5 Appli MediaWiki</a></li>


@ -170,6 +170,8 @@ my $docs = {
=> '5-Appli-HTTP-Basic-Authentication.html',
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/DocAppSelfMade' =>
'5-Appli-self-made.html',
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/DocAppGoogleApps' =>
'5-Appli-Google-Apps.html',
# Other
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/Main/Contacts' =>
@ -373,7 +375,8 @@ s#/xwiki/bin/view/NG/SeveralIndependantPortals#4.10-Several-independant-portals.
s#/xwiki/bin/view/NG/DocAppDrupal#5-Appli-Drupal.html#g;
s#/xwiki/bin/view/NG/DocAppTomcatValve#5-Appli-Tomcat-Valve.html#g;
s#/xwiki/bin/view/NG/DocAppBasicAuthentication#5-Appli-HTTP-Basic-Authentication.html#g;
s#/xwiki/bin/view/NG/DocAppselfMade#5-Appli-self-made.html#g;
s#/xwiki/bin/view/NG/DocAppSelfMade#5-Appli-self-made.html#g;
s#/xwiki/bin/view/NG/DocAppGoogleApps#5-Appli-Google-Apps.html#g;
s#/xwiki/bin/view/Main/Contacts#6-Contacts.html#g;
s#/xwiki/bin/view/NG/Roadmap#6-Roadmap.html#g;
s#/xwiki/bin/view/NG/References#6-References.html#g;
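Review bot: The `s#...#...#g` list in the second hunk repeats by hand the wiki-URL-to-file mapping that `$docs` already holds in the first hunk, and the `DocAppselfMade` case typo corrected here shows how the two copies drift apart and leave `/xwiki/...` links in the generated pages. Deriving the substitutions from the hash would remove the duplicate: strip the `http://wiki.lemonldap.ow2.org` prefix from each key and apply `s#\Q$path\E#$docs->{$url}#g`, longest path first so that one page name cannot match as a prefix of another. The generated 5-Appli-Google-Apps.html in this same commit still has two image sources under `/xwiki/bin/download/NG/DocAppGoogleApps/`, so the attachment rewrite probably misses them as well, though that code is not visible here. Both hunks sit inside larger blocks that start and end outside them.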