Doc update: Google Apps
parent
bde14e8852
commit
d295db2aa5
|
@ -106,6 +106,9 @@
|
|||
|
||||
<li><a href="#HApplications22maison22">Applications
|
||||
"maison"</a></li>
|
||||
|
||||
<li><a href="#HFournisseursdeserviceSAML">Fournisseurs de service
|
||||
SAML</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
|
@ -417,7 +420,7 @@
|
|||
</tr>
|
||||
|
||||
<tr class="table-even">
|
||||
<td><strong class="strong">Gestion et de Réservations de
|
||||
<td><strong class="strong">Gestion et Réservations de
|
||||
Ressources</strong><br />
|
||||
<img src="/xwiki/bin/download/NG/Documentation/grr_logo.png" alt=
|
||||
"grr_logo.png" /></td>
|
||||
|
@ -535,6 +538,20 @@
|
|||
<span class="wikiexternallink"><a href=
|
||||
"http://www.drupal.org/">Official website</a></span></td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td><strong class="strong">OBM</strong><br />
|
||||
<img src="/xwiki/bin/download/NG/Documentation/obm_logo.png" alt=
|
||||
"obm_logo.png" /></td>
|
||||
|
||||
<td>Groupware<br />
|
||||
<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://www.obm.org/doku.php?id=docs:configuration:lemonldap">SSO
|
||||
procedure</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href="http://www.obm.org/">Official
|
||||
website</a></span></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HConnecteurs">Connecteurs</span></h4>
|
||||
|
@ -589,7 +606,7 @@
|
|||
"/xwiki/bin/view/NG/DocAppSpringSecurity">Procédure
|
||||
SSO</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://static.springsource.org/spring-security/site/index.">Site web
|
||||
"http://static.springsource.org/spring-security/site/">Site web
|
||||
officiel</a></span></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
@ -598,11 +615,39 @@
|
|||
"maison"</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocAppSelfMade">Comment modifier mon application
|
||||
?</a></span></li>
|
||||
<li><span class="wikilink"><a href="5-Appli-self-made.html">Comment
|
||||
modifier mon application ?</a></span></li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HFournisseursdeserviceSAML">Fournisseurs de service SAML</span></h4>
|
||||
|
||||
<p class="paragraph"></p><i class="italic">Tous les fournisseurs de
|
||||
service SAML 2.0 devraient fonctionner avec LemonLDAP::NG configuré
|
||||
en fournisseur d'idenité</i>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<table class="wiki-table" cellpadding="0" cellspacing="0" border="0">
|
||||
<tr>
|
||||
<th>Application</th>
|
||||
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td><strong class="strong">Google Apps</strong><br />
|
||||
<img src="googleapps_logo.png" alt="googleapps_logo.png" /></td>
|
||||
|
||||
<td>Gmail, Calendar, ...<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href=
|
||||
"5-Appli-Google-Apps.html">Procédure SSO</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://www.google.com/apps/">[Site officiel</a></span></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HAutres">Autres</span></h3><img src=
|
||||
"tux_clemente_01.png" alt="tux_clemente_01.png" />
|
||||
|
||||
|
|
|
@ -101,6 +101,8 @@
|
|||
<li><a href="#HConnectors">Connectors</a></li>
|
||||
|
||||
<li><a href="#HSelfmade">Self-made</a></li>
|
||||
|
||||
<li><a href="#HSAMLServiceProviders">SAML Service Providers</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
|
@ -406,7 +408,7 @@
|
|||
</tr>
|
||||
|
||||
<tr class="table-even">
|
||||
<td><strong class="strong">Gestion et de Réservations de
|
||||
<td><strong class="strong">Gestion et Réservations de
|
||||
Ressources</strong><br />
|
||||
<img src="/xwiki/bin/download/NG/Documentation/grr_logo.png" alt=
|
||||
"grr_logo.png" /></td>
|
||||
|
@ -522,6 +524,20 @@
|
|||
<span class="wikiexternallink"><a href=
|
||||
"http://www.drupal.org/">Official website</a></span></td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td><strong class="strong">OBM</strong><br />
|
||||
<img src="/xwiki/bin/download/NG/Documentation/obm_logo.png" alt=
|
||||
"obm_logo.png" /></td>
|
||||
|
||||
<td>Groupware<br />
|
||||
<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://www.obm.org/doku.php?id=docs:configuration:lemonldap">SSO
|
||||
procedure</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href="http://www.obm.org/">Official
|
||||
website</a></span></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HConnectors">Connectors</span></h4>
|
||||
|
@ -573,7 +589,7 @@
|
|||
"/xwiki/bin/view/NG/DocAppSpringSecurity">SSO procedure</a></span>
|
||||
(en)<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://static.springsource.org/spring-security/site/index.">Official
|
||||
"http://static.springsource.org/spring-security/site/">Official
|
||||
website</a></span></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
@ -581,11 +597,38 @@
|
|||
<h4 class="heading-1-1-1"><span id="HSelfmade">Self-made</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocAppSelfMade">How to modify my
|
||||
application?</a></span></li>
|
||||
<li><span class="wikilink"><a href="5-Appli-self-made.html">How to
|
||||
modify my application?</a></span></li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HSAMLServiceProviders">SAML Service
|
||||
Providers</span></h4>
|
||||
|
||||
<p class="paragraph"></p><i class="italic">All SAML 2.0 Service Providers
|
||||
should work with LemonLDAP::NG configured as Identity Provider</i>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<table class="wiki-table" cellpadding="0" cellspacing="0" border="0">
|
||||
<tr>
|
||||
<th>Application</th>
|
||||
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td><strong class="strong">Google Apps</strong><br />
|
||||
<img src="googleapps_logo.png" alt="googleapps_logo.png" /></td>
|
||||
|
||||
<td>Gmail, Calendar, ...<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href="5-Appli-Google-Apps.html">SSO
|
||||
procedure</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://www.google.com/apps/">[Official website</a></span></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HOthers">Others</span></h3><img src=
|
||||
"tux_clemente_01.png" alt="tux_clemente_01.png" />
|
||||
|
||||
|
|
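--- a/build/lemonldap-ng/doc/5-Appli-Google-Apps.html
+++ b/build/lemonldap-ng/doc/5-Appli-Google-Apps.html
@@ -0,0 +1,207 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
+<head>
+<meta name="generator" content=
+"HTML Tidy for Linux/x86 (vers 25 March 2009), see www.w3.org" />
+
+<title>Lemonldap::NG documentation: 5-Appli-Google-Apps.html</title>
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
+<style type="text/css">
+/*<![CDATA[*/
+body{
+background: #ddd;
+font-family: sans-serif;
+font-size: 11pt;
+padding: 0 50px;
+}
+div.main-content{
+padding: 10px;
+background: #fff;
+border: 2px #ccc solid;
+}
+a{
+text-decoration: none;
+}
+p.footer{
+text-align: center;
+margin: 5px 0 0 0;
+}
+.heading-1{
+text-align: center;
+color: orange;
+font-variant: small-caps;
+font-size: 20pt;
+}
+.heading-1-1{
+color: orange;
+font-size: 14pt;
+border-bottom: 2px #ccc solid;
+}
+pre{
+background: #eee;
+border: 2px #ccc solid;
+padding: 5px;
+border-left: 10px #ccc solid;
+}
+ul.star li{
+list-style-type: square;
+}
+/*]]>*/
+</style>
+</head>
+
+<body>
+<div class="main-content">
+<h2 class="heading-1"><span id="HGoogleApps">Google Apps</span></h2>
+
+<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>
+
+<p class="paragraph"></p>Google Apps can use SAML to authenticate users,
+behaving as an SAML service provider, as explained here: <span class=
+"wikiexternallink"><a href=
+"http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html">
+http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html</a></span>.
+
+<p class="paragraph"></p>To work with LemonLDAP::NG it requires:
+
+<ul class="star">
+<li>An enterprise Google Apps account</li>
+
+<li>LemonLDAP::NG 1.0 configured as Identity Provider</li>
+
+<li>Registered users on Google Apps with the same email than those used
+by LemonLDAP::NG (email will be the NameID exchanged between Google Apps
+and LemonLDAP::NG)</li>
+</ul>
+
+<h3 class="heading-1-1"><span id=
+"HConfiguration">Configuration</span></h3>
+
+<h4 class="heading-1-1-1"><span id="HGoogleApps">Google Apps</span></h4>
+
+<p class="paragraph"></p><strong class="strong">Note</strong>: this part
+is based on SimpleSAMLPHP documentation: <span class=
+"wikiexternallink"><a href=
+"http://simplesamlphp.org/docs/1.6/simplesamlphp-googleapps">http://simplesamlphp.org/docs/1.6/simplesamlphp-googleapps</a></span>.
+
+<p class="paragraph"></p>As administrator, go in Google Apps control panel
+and clik on <strong class="strong">Advanced tools</strong>:
+
+<p class="paragraph"></p><img src="googleapps-menu.png" alt=
+"googleapps-menu.png" />
+
+<p class="paragraph"></p>Then select "Set up single sign-on (SSO)":
+
+<p class="paragraph"></p><img src=
+"/xwiki/bin/download/NG/DocAppGoogleApps/googleapps-sso.png" alt=
+"googleapps-sso.png" />
+
+<p class="paragraph"></p>Now configure all SAML parameters:
+
+<p class="paragraph"></p><img src=
+"/xwiki/bin/download/NG/DocAppGoogleApps/googleapps-ssoconfig.png" alt=
+"googleapps-ssoconfig.png" />
+
+<ul class="star">
+<li><strong class="strong">Enable Single Sign-On</strong>: check the
+box. Uncheck it to disable SAML authentication (for example, if your
+Identity Provider is down).</li>
+
+<li><strong class="strong">Sign-in page URL</strong>: SSO access point
+(HTTP-Redirect binding). Example: <span class="nobr"><a href=
+"http://auth.example.com/saml/singleSignOn">http://auth.example.com/saml/singleSignOn</a></span></li>
+
+<li><strong class="strong">Sign-out page URL</strong>: this in not the
+SLO access point (Google Apps does not support SLO), but the main logout
+page. Example: <span class="nobr"><a href=
+"http://auth.example.com/?logout=1">http://auth.example.com/?logout=1</a></span></li>
+
+<li><strong class="strong">Change password URL</strong>: where users can
+change their password. Example: <span class="nobr"><a href=
+"http://auth.example.com">http://auth.example.com</a></span></li>
+</ul>For the certificate, you can build id from the signing private key
+registered in Manager. Select the key, and export it (button
+<strong class="strong">Download this file</strong>):
+
+<p class="paragraph"></p><img src="googleapps-export-priv-key.png" alt=
+"googleapps-export-priv-key.png" />
+
+<p class="paragraph"></p>After choosing the file name (for example
+lemonldapn-ng-priv.key), download the key on your disk.
+
+<p class="paragraph"></p>The use openssl to generate an auto-signed
+certificate:
+
+<p class="paragraph"></p>
+
+<div class="code">
+<pre>
+$ openssl req -<span class=
+"java-keyword">new</span> -key lemonldap-ng-priv.key -out cert.csr
+$ openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out cert.pem
+</pre>
+</div>
+
+<p class="paragraph"></p>You can the upload the certificate (cert.pem) on
+Google Apps.
+
+<h4 class="heading-1-1-1"><span id=
+"HLemonLDAP3A3ANG">LemonLDAP::NG</span></h4>
+
+<p class="paragraph"></p>You should have configured LemonLDAP::NG as an
+SAML Identity Provider, following <span class="wikilink"><a href=
+"4.8-SAML-issuer-backend.html">this documentation</a></span>.
+
+<p class="paragraph"></p>Now we will add Google Apps as a new SAML Service
+Provider:
+
+<ol>
+<li>In Manager, click on <strong class="strong">SAML service
+providers</strong> and the button <strong class="strong">New
+metadatas</strong>.</li>
+
+<li>Set <strong class="strong">GoogleApps</strong> as Service Provider
+name.</li>
+
+<li>Set <strong class="strong">Email</strong> in <strong class=
+"strong">Options</strong> > *Authentication Response* >
+<strong class="strong">Default NameID format</strong></li>
+
+<li>Disable all signature flags in <strong class=
+"strong">Options</strong> > *Signature*, except <strong class=
+"strong">Sign SSO message</strong> which should be to <strong class=
+"strong">On</strong></li>
+
+<li>Select <strong class="strong">Metadata</strong>, and unprotect the
+field to paste the following value:</li>
+</ol>
+
+<div class="code">
+<pre>
+<md:EntityDescriptor entityID=<span class=
+"java-quote">"google.com"</span> xmlns=<span class=
+"java-quote">"urn:oasis:names:tc:SAML:2.0:metadata"</span> xmlns:ds=<span class="java-quote">"http://www.w3.org/2000/09/xmldsig#"</span> xmlns:md=<span class="java-quote">"urn:oasis:names:tc:SAML:2.0:metadata"</span>>
+<SPSSODescriptor protocolSupportEnumeration=<span class=
+"java-quote">"urn:oasis:names:tc:SAML:2.0:protocol"</span>>
+<AssertionConsumerService Binding=<span class=
+"java-quote">"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"</span> Location=<span class="java-quote">"https://www.google.com/a/*mydomain.org*/acs"</span> index=<span class="java-quote">"1"</span> />
+<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
+</SPSSODescriptor>
+</md:EntityDescriptor>
+</pre>
+</div>
+
+<p class="paragraph"></p>You just have to change <strong class=
+"strong">mydomain.org</strong> into your Google Apps domain.
+
+<p class="paragraph"></p>Then click on <strong class=
+"strong">Apply</strong>, and <strong class="strong">Save</strong> to save
+the whole configuration.
+</div>
+
+<p class="footer"><a href="index.html">Index</a></p>
+</body>
+</html>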
|
@ -72,6 +72,9 @@
|
|||
<li><a href="#HLINAGORAGroup">LINAGORA Group</a></li>
|
||||
|
||||
<li><a href="#HSGS">SGS</a></li>
|
||||
|
||||
<li><a href="#HSouthBayCommunityNetwork">South Bay Community
|
||||
Network</a></li>
|
||||
</ul>They use LemonLDAP::NG:
|
||||
|
||||
<h3 class="heading-1-1"><span id="HRC3A9gionBasseNormandie">Région
|
||||
|
@ -169,6 +172,27 @@
|
|||
|
||||
<li>Nb protected applications: ~10</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HSouthBayCommunityNetwork">South Bay
|
||||
Community Network</span></h3>
|
||||
|
||||
<ul class="star">
|
||||
<li>Authentication portal: <span class="nobr"><a href=
|
||||
"https://auth.sso.sbay.org/">https://auth.sso.sbay.org/</a></span></li>
|
||||
|
||||
<li>Applications: TikiWiki, ...</li>
|
||||
</ul>Protected sites:
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="nobr"><a href=
|
||||
"http://wiki.sbay.org/">http://wiki.sbay.org/</a></span></li>
|
||||
|
||||
<li><span class="nobr"><a href=
|
||||
"http://www.linuxpicnic.org/">http://www.linuxpicnic.org/</a></span></li>
|
||||
|
||||
<li><span class="nobr"><a href=
|
||||
"http://www.svwux.org/">http://www.svwux.org/</a></span></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
|
|
BIN
build/lemonldap-ng/doc/googleapps-export-priv-key.png
Normal file
BIN
build/lemonldap-ng/doc/googleapps-export-priv-key.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 50 KiB |
BIN
build/lemonldap-ng/doc/googleapps-menu.png
Normal file
BIN
build/lemonldap-ng/doc/googleapps-menu.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 9.1 KiB |
BIN
build/lemonldap-ng/doc/googleapps_logo.png
Normal file
BIN
build/lemonldap-ng/doc/googleapps_logo.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 12 KiB |
|
@ -109,6 +109,7 @@
|
|||
<li><a href="5-Appli-Drupal.html">5 Appli Drupal</a></li>
|
||||
<li><a href="5-Appli-GLPI.html">5 Appli GLPI</a></li>
|
||||
<li><a href="5-Appli-GRR.html">5 Appli GRR</a></li>
|
||||
<li><a href="5-Appli-Google-Apps.html">5 Appli Google Apps</a></li>
|
||||
<li><a href="5-Appli-HTTP-Basic-Authentication.html">5 Appli HTTP Basic Authentication</a></li>
|
||||
<li><a href="5-Appli-Liferay.html">5 Appli Liferay</a></li>
|
||||
<li><a href="5-Appli-MediaWiki.html">5 Appli MediaWiki</a></li>
|
||||
|
|
|
@ -170,6 +170,8 @@ my $docs = {
|
|||
=> '5-Appli-HTTP-Basic-Authentication.html',
|
||||
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/DocAppSelfMade' =>
|
||||
'5-Appli-self-made.html',
|
||||
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/DocAppGoogleApps' =>
|
||||
'5-Appli-Google-Apps.html',
|
||||
|
||||
# Other
|
||||
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/Main/Contacts' =>
|
||||
|
@ -373,7 +375,8 @@ s#/xwiki/bin/view/NG/SeveralIndependantPortals#4.10-Several-independant-portals.
|
|||
s#/xwiki/bin/view/NG/DocAppDrupal#5-Appli-Drupal.html#g;
|
||||
s#/xwiki/bin/view/NG/DocAppTomcatValve#5-Appli-Tomcat-Valve.html#g;
|
||||
s#/xwiki/bin/view/NG/DocAppBasicAuthentication#5-Appli-HTTP-Basic-Authentication.html#g;
|
||||
s#/xwiki/bin/view/NG/DocAppselfMade#5-Appli-self-made.html#g;
|
||||
s#/xwiki/bin/view/NG/DocAppSelfMade#5-Appli-self-made.html#g;
|
||||
s#/xwiki/bin/view/NG/DocAppGoogleApps#5-Appli-Google-Apps.html#g;
|
||||
s#/xwiki/bin/view/Main/Contacts#6-Contacts.html#g;
|
||||
s#/xwiki/bin/view/NG/Roadmap#6-Roadmap.html#g;
|
||||
s#/xwiki/bin/view/NG/References#6-References.html#g;
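Review bot: The wiki-page mapping is kept in two places, the `$docs` entry added in the first hunk and the hand-written `s#...#...#g;` rule added in the second, and the `DocAppselfMade` rule corrected here shows that a mistyped pattern simply never matches, with no warning. Consider generating the link rewrites from the keys of `$docs`, or at least adding a comment above the rule list such as `# one rule per $docs entry; patterns are case-sensitive and a non-matching rule is silently skipped`. The generated 5-Appli-Google-Apps.html in this commit still points at `/xwiki/bin/download/NG/DocAppGoogleApps/googleapps-sso.png`, so the image-path rewriting (outside these hunks) seems to have a similar gap. The keys are plain `http://` wiki URLs; if the script fetches them at build time, the packaged documentation inherits whatever an on-path party serves, so HTTPS or a checksum on the fetched pages would be worth considering. Both `$docs` and the rule list begin and end outside the hunks.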
|
||||
|
|