Merge branch 'master' into manager-SFA-module

This commit is contained in:
Christophe Maudoux 2018-03-20 21:32:55 +01:00
commit da926a8546
66 changed files with 999 additions and 626 deletions

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=c879427e37ac73de4c6e85bc7f884468" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=0b96dfdde10e54bc7b60aeaed5a35886" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
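Review bot: the only change in this hunk is the DokuWiki `sectok` value in the Login link (`sectok=c879427e37ac73de4c6e85bc7f884468` becoming `sectok=0b96dfdde10e54bc7b60aeaed5a35886`), which is the wiki's per-session security token captured at export time. It has no meaning in a static copy and will differ on every regeneration, so strip the `?do=login&sectok=...` query string (or the whole Login item) in the exporter rather than committing a fresh token each time; the same churn appears in the loader.gif and restserverplugin pages further down this commit.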
@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1521141343" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1521571149" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
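Review bot: this file is not a documentation page: the hunk context ("You've followed a link to a topic that doesn't exist yet") and the indexer id `documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png` show it is DokuWiki's placeholder for a media file requested as a wiki page, and the only change is the export timestamp on the `indexer.php` tracking pixel (1521141343 becoming 1521571149). Drop the file from the export, and drop the `lib/exe/indexer.php` pixel as well since it is a request back to the live wiki, instead of refreshing it in every commit.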

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=c879427e37ac73de4c6e85bc7f884468" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=0b96dfdde10e54bc7b60aeaed5a35886" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1521141343" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1521571149" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
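Review bot: same situation as icons.png above: this is the placeholder page for the media id `documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif`, and the two hunks only refresh the `sectok` and the indexer timestamp; exclude the file from the export instead.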

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authcustom</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authcustom"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcustom.html"/>
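Review bot: the `robots` meta flips from `index,follow` to `noindex,nofollow` in this hunk with no content change that would call for it, and the same commit flips it the same way on authyubikey, external2f, rest2f, totp2f and u2f but the opposite way on parameterlist and soapsessionbackend. That pattern says the value is derived from the page's state at export time (DokuWiki emits `noindex,nofollow` for recently modified pages, which is most likely what is happening here) rather than being an intended edit, so it will keep churning; make the exporter emit a constant value or remove the tag from the static copy.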
@ -65,9 +65,10 @@
<p>
This artifact allows one to define its own modules (authentication, user database, password or register DB).
</p>
<div class="notetip">The developper documentation is available in Portal manpages.
</div>
<!-- EDIT3 SECTION "Presentation" [117-252] -->
</div>
<!-- EDIT3 SECTION "Presentation" [117-331] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
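Review bot: typo in the added tip: "developper" should be "developer". The pointer is also vague: "Portal manpages" is repeated in the Configuration section just below ("See portal manpages to see how to write these plugins") without ever naming a manpage; naming the module documentation readers should open would make the tip actionable.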
@ -80,6 +81,6 @@ See portal manpages to see how to write these plugins.
</p>
</div>
<!-- EDIT4 SECTION "Configuration" [253-] --></div>
<!-- EDIT4 SECTION "Configuration" [332-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authyubikey</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authyubikey"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authyubikey.html"/>
@ -46,67 +46,9 @@
<h1 class="sectionedit1" id="yubikey">Yubikey</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1"> </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [24-81] -->
</div>
<!-- EDIT1 SECTION "Yubikey" [1-82] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
The <a href="http://www.yubico.com/yubikey" class="urlextern" title="http://www.yubico.com/yubikey" rel="nofollow">Yubikey</a> is a small material token shipped by <a href="http://www.yubico.com" class="urlextern" title="http://www.yubico.com" rel="nofollow">Yubico</a>. It sends an OTP, which is validated against Yubico server.
</p>
<p>
You need <a href="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" class="urlextern" title="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" rel="nofollow">Auth::Yubikey_WebClient</a> package.
</p>
<p>
You need to get an client ID and a secret key from Yubico. See <a href="https://upgrade.yubico.com/getapikey/" class="urlextern" title="https://upgrade.yubico.com/getapikey/" rel="nofollow">Yubico API</a> page.
</p>
<div class="notetip">To use your Yubikeys as “second factor”, use <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">Universal 2nd Factor Authentication (U2F)</a> instead of this module
<div class="noteimportant">This module has been replaced by <a href="yubikey2f.html" class="wikilink1" title="documentation:2.0:yubikey2f">Yubikey Second Factor</a>
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [83-647] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Yubikey for authentication module.
</p>
<div class="notetip">You can then choose any other module for users and password.
</div>
<p>
Then, go in <code>Yubikey parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
</li>
<li class="level1"><div class="li"> <strong><abbr title="Application Programming Interface">API</abbr> client ID</strong>: <abbr title="Application Programming Interface">API</abbr> client ID from Yubico</div>
</li>
<li class="level1"><div class="li"> <strong><abbr title="Application Programming Interface">API</abbr> secret key</strong>: <abbr title="Application Programming Interface">API</abbr> secret key from Yubico</div>
</li>
<li class="level1"><div class="li"> <strong>OTP public ID part size</strong>: Part of Yubikey OTP that will be used as the media identifier (default: 12)</div>
</li>
</ul>
<div class="notetip">You have to register the media identifier in your user backend (LDAP or SQL) to match the yubikey with a real user. For example it can be stored as a second value of the uid attribute in the LDAP directory:<ul>
<li class="level1"><div class="li"> uid: coudot</div>
</li>
<li class="level1"><div class="li"> uid: 123456789012 </div>
</li>
</ul>
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [648-] --></div>
</body>
</html>
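Review bot: this hunk replaces the entire page body (the Presentation, the Yubico API key requirement and the whole Configuration section) with a one-line deprecation notice and leaves no migration guidance for existing deployments. The removed tip explained that the Yubikey public ID had to be registered in the user backend as a second `uid` value (`uid: coudot` / `uid: 123456789012`); administrators moving to the Yubikey second factor need to know whether that backend data is still read or should be cleaned up, so keep at least a short migration note next to the yubikey2f.html link. Note also that the removed tip sent users to U2F while the new notice sends them to Yubikey Second Factor; if both are valid choices, say so.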

View File

@ -55,7 +55,9 @@
<!-- EDIT1 SECTION "Deploy LemonLDAP::NG on a Plack server" [1-295] -->
<h2 class="sectionedit2" id="complete_example">Complete example</h2>
<div class="level2">
<pre class="code :perl"><span class="co1">#!/usr/bin/perl</span>
<dl class="file">
<dt><a href="_export/code/documentation/2.0/configplack/codeblock.0.code" title="Download Snippet" class="mediafile mf_psgi">llapp.psgi</a></dt>
<dd><pre class="code file perl"><span class="co1">#!/usr/bin/perl</span>
&nbsp;
<span class="kw2">use</span> Data<span class="sy0">::</span><span class="me2">Dumper</span><span class="sy0">;</span>
<span class="kw2">use</span> Plack<span class="sy0">::</span><span class="me2">Builder</span><span class="sy0">;</span>
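Review bot: the new "Download Snippet" link targets `_export/code/documentation/2.0/configplack/codeblock.0.code`, a path DokuWiki serves on the live wiki; in a static export it is a dead link unless the exporter also copies that file. Either ship the `_export/code/...` file in the same commit or drop the `<dl class="file">` wrapper and keep the plain `<pre>` that was there before; the filename `llapp.psgi` is the only information the wrapper adds, and a plain line stating it carries the same information without the link.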
@ -106,6 +108,7 @@ builder <span class="br0">&#123;</span>
mount <span class="st_h">'http://auth.example.com/'</span> <span class="sy0">=&gt;</span> <span class="re0">$portal</span><span class="sy0">;</span>
mount <span class="st_h">'http://manager.example.com/'</span> <span class="sy0">=&gt;</span> <span class="re0">$manager</span><span class="sy0">;</span>
<span class="br0">&#125;</span><span class="sy0">;</span></pre>
</dd></dl>
<p>
Launch it with <a href="https://github.com/miyagawa/Starman" class="urlextern" title="https://github.com/miyagawa/Starman" rel="nofollow">Starman</a> for example:

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:external2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,external2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="external2f.html"/>
@ -77,6 +77,8 @@ All parameters are configured in “General Parameters » Portal Parameters » E
</li>
<li class="level1"><div class="li"> <strong>Authentication Level</strong>: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5</div>
</li>
<li class="level1"><div class="li"> Logo (Optional): logo file <em>(in static/&lt;skin&gt; directory)</em></div>
</li>
</ul>
<div class="noteimportant">The command line is split in an array and launch with exec(). So you don&#039;t need to enclose arguments in “” and this protects your system against shell injection. However, you can not use any space except to separate arguments.
</div>
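Review bot: the added "Logo (Optional)" item is the only entry in this list whose name is not wrapped in `<strong>`, and its capitalisation differs from the identical item added to rest2f in this commit ("Logo (optional)"). Use `<strong>Logo</strong> (optional)` on both pages. The description should also say what value is expected (a file name relative to `static/<skin>`, as the `<em>` hint implies) rather than just "logo file".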

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:parameterlist</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,parameterlist"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="parameterlist.html"/>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:rest2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,rest2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="rest2f.html"/>
@ -85,10 +85,12 @@ All parameters are configured in “General Parameters » Portal Parameters » S
</li>
<li class="level1"><div class="li"> <strong>Authentication Level</strong>: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5</div>
</li>
<li class="level1"><div class="li"> Logo (optional): logo file <em>(in static/&lt;skin&gt; directory)</em></div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Configuration" [187-837] -->
<!-- EDIT2 SECTION "Configuration" [187-901] -->
<h2 class="sectionedit3" id="arguments">Arguments</h2>
<div class="level2">
@ -98,7 +100,7 @@ Arguments are a list of key/value. Key is the name of JSON entry, value is attri
<div class="noteimportant">For Verify <abbr title="Uniform Resource Locator">URL</abbr>, you should send $code at least
</div>
</div>
<!-- EDIT3 SECTION "Arguments" [838-1032] -->
<!-- EDIT3 SECTION "Arguments" [902-1096] -->
<h2 class="sectionedit4" id="rest_dialog">REST Dialog</h2>
<div class="level2">
@ -118,8 +120,8 @@ REST web services just have to respond with a “result” key in a JSON file. A
<td class="col0 centeralign"> Verify <abbr title="Uniform Resource Locator">URL</abbr> </td><td class="col1"> JSON file: <code>{“user”:$user,“code”:“$code”,…}</code> </td><td class="col2"> JSON file: <code>{“result”:true/false}</code> </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [1243-1472] -->
<!-- EDIT5 TABLE [1307-1536] -->
</div>
<!-- EDIT4 SECTION "REST Dialog" [1033-] --></div>
<!-- EDIT4 SECTION "REST Dialog" [1097-] --></div>
</body>
</html>

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=c879427e37ac73de4c6e85bc7f884468" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=0b96dfdde10e54bc7b60aeaed5a35886" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1521141362" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1521571168" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:soapsessionbackend</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,soapsessionbackend"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="soapsessionbackend.html"/>

View File

@ -310,7 +310,7 @@
<td class="col0"> <a href="authwebid.html" class="wikilink1" title="documentation:2.0:authwebid">WebID</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td>
</tr>
<tr class="row21 rowodd">
<td class="col0"> <a href="authyubikey.html" class="wikilink1" title="documentation:2.0:authyubikey">Yubikey</a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td>
<td class="col0"> <del><a href="authyubikey.html" class="wikilink1" title="documentation:2.0:authyubikey">Yubikey</a></del> </td><td class="col1 centeralign" colspan="3"> <em>Deprecated, replaced by Yubikey second factor</em> </td>
</tr>
<tr class="row22 roweven">
<td class="col0"> <a href="authcustom.html" class="wikilink1" title="documentation:2.0:authcustom">Custom modules</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td>
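Review bot: the new "Deprecated, replaced by Yubikey second factor" cell is plain text while every other row in this table links to its page; link it to yubikey2f.html (the page this same commit adds to the second-factor table) so readers landing on the struck-through Yubikey row reach the replacement in one click. The `colspan="3"` also collapses the Authentication/Users/Password columns for this row, so it no longer shows which role the deprecated module covered; consider keeping those columns and putting the deprecation text in the fourth column the other rows already carry.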
@ -340,25 +340,31 @@
<th class="col0"> Second factor </th><th class="col1 centeralign"> Authentication </th><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row31 rowodd">
<td class="col0"> <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="utotp2f.html" class="wikilink1" title="documentation:2.0:utotp2f">TOTP-or-U2F</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row32 roweven">
<td class="col0"> <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(Google Authenticator,…)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row33 rowodd">
<td class="col0"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External Second Factor</a> <em>(OTP, SMS,…)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(Google Authenticator,…)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row34 roweven">
<td class="col0"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST Second Factor</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External Second Factor</a> <em>(OTP, SMS,…)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row35 rowodd">
<th class="col0"> Auth addons </th><th class="col1 centeralign"> Authentication </th><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST Second Factor</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row36 roweven">
<td class="col0"> <a href="yubikey2f.html" class="wikilink1" title="documentation:2.0:yubikey2f">Yubikey</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row37 rowodd">
<th class="col0"> Auth addons </th><th class="col1 centeralign"> Authentication </th><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row38 roweven">
<td class="col0"> <a href="autosignin.html" class="wikilink1" title="documentation:2.0:autosignin">Auto Signin</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
</table></div>
<!-- EDIT9 TABLE [2320-4477] -->
<!-- EDIT9 TABLE [2320-4642] -->
<p>
</div></div>
</p>
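Review bot: the row added for the Yubikey second factor (row36, linking yubikey2f.html) is labelled simply "Yubikey", the same label as the deprecated authentication module struck out earlier in this diff; since both rows are on one page, disambiguate the new one, for example with an `<em>` hint in the style of the TOTP row ("(Google Authenticator,…)"). The reordering of the second-factor rows (TOTP-or-U2F, U2F, TOTP, External, REST, Yubikey) is neither alphabetical nor the previous order; if the order is intentional, say why, otherwise keep the old order so the diff stays reviewable.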
@ -402,13 +408,13 @@
<td class="col0"> <a href="issuerdbget.html" class="wikilink1" title="documentation:2.0:issuerdbget">Get parameters provider</a> <em>(for poor applications)</em> </td><td class="col1 leftalign"> </td><td class="col2 centeralign"></td>
</tr>
</table></div>
<!-- EDIT10 TABLE [4823-5184] -->
<!-- EDIT10 TABLE [4988-5349] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT8 SECTION "Portal" [1784-5212] -->
<!-- EDIT8 SECTION "Portal" [1784-5377] -->
<h3 class="sectionedit11" id="handlers">Handlers</h3>
<div class="level3">
@ -437,7 +443,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
<td class="col0"> <a href="cda.html" class="wikilink1" title="documentation:2.0:cda">CDA</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> For Cross Domain Authentication </td><td class="col5"></td>
</tr>
<tr class="row4 roweven">
<td class="col0"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> Allows application developers to define their rules within the application </td><td class="col5"></td>
<td class="col0"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> <em>(SSOaaS)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> Allows application developers to define their rules within the application </td><td class="col5"></td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> <a href="securetoken.html" class="wikilink1" title="documentation:2.0:securetoken">Secure Token</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> Designed to secure dialog between a LLNG reverse-proxy and a remote app </td><td class="col5"></td>
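Review bot: "(SSOaaS)" is introduced here, and again in the Advanced features list item for the DevOps Handler further down this diff, without ever being expanded; the page already uses `<abbr title="...">` for API, URL and LL::NG, so wrap it the same way (`<abbr title="SSO as a Service">SSOaaS</abbr>`) at the first occurrence so the term is not opaque to readers.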
@ -449,7 +455,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
<td class="col0"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra PreAuth</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT12 TABLE [5451-6284] -->
<!-- EDIT12 TABLE [5616-6462] -->
<p>
<em>(*): <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> has not yet reached the same level of functionality.</em>
</p>
@ -459,7 +465,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
</p>
</div>
<!-- EDIT11 SECTION "Handlers" [5213-6407] -->
<!-- EDIT11 SECTION "Handlers" [5378-6585] -->
<h3 class="sectionedit13" id="llng_databases">LLNG databases</h3>
<div class="level3">
@ -505,7 +511,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
<td class="col0 centeralign"> <a href="restconfbackend.html" class="wikilink1" title="documentation:2.0:restconfbackend">REST</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> Proxy backend to be used in conjunction with another configuration backend. <br/><strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table></div>
<!-- EDIT14 TABLE [6706-7688] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
<!-- EDIT14 TABLE [6884-7866] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
</div>
<p>
</div></div>
@ -560,13 +566,13 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
<strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table></div>
<!-- EDIT15 TABLE [8553-10232] -->
<!-- EDIT15 TABLE [8731-10410] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT13 SECTION "LLNG databases" [6408-10260] -->
<!-- EDIT13 SECTION "LLNG databases" [6586-10438] -->
<h2 class="sectionedit16" id="applications_protection">Applications protection</h2>
<div class="level2">
@ -595,7 +601,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT16 SECTION "Applications protection" [10261-10751] -->
<!-- EDIT16 SECTION "Applications protection" [10439-10929] -->
<h3 class="sectionedit17" id="well_known_compatible_applications">Well known compatible applications</h3>
<div class="level3">
<div class="noteclassic">Here is a list of well known applications that are compatible with <abbr title="LemonLDAP::NG">LL::NG</abbr>. A full list is available on <a href="applications.html" class="wikilink1" title="documentation:2.0:applications">vendor applications page</a>.
@ -693,7 +699,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT17 SECTION "Well known compatible applications" [10752-12965] -->
<!-- EDIT17 SECTION "Well known compatible applications" [10930-13143] -->
<h2 class="sectionedit18" id="advanced_features">Advanced features</h2>
<div class="level2">
@ -725,7 +731,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</li>
<li class="level1"><div class="li"> <a href="handlerauthbasic.html" class="wikilink1" title="documentation:2.0:handlerauthbasic">AuthBasic Handler</a></div>
</li>
<li class="level1"><div class="li"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps Handler</a></div>
<li class="level1"><div class="li"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps Handler</a> <em>(SSOaaS)</em></div>
</li>
<li class="level1"><div class="li"> <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Handling server webservice calls</a></div>
</li>
@ -746,7 +752,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT18 SECTION "Advanced features" [12966-14014] -->
<!-- EDIT18 SECTION "Advanced features" [13144-14205] -->
<h2 class="sectionedit19" id="mini_howtos">Mini howtos</h2>
<div class="level2">
@ -777,7 +783,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT19 SECTION "Mini howtos" [14015-14684] -->
<!-- EDIT19 SECTION "Mini howtos" [14206-14875] -->
<h2 class="sectionedit20" id="exploitation">Exploitation</h2>
<div class="level2">
@ -810,7 +816,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT20 SECTION "Exploitation" [14685-15105] -->
<!-- EDIT20 SECTION "Exploitation" [14876-15296] -->
<h2 class="sectionedit21" id="bug_report">Bug report</h2>
<div class="level2">
@ -819,7 +825,7 @@ See <a href="bugreport.html" class="wikilink1" title="bugreport">How to report a
</p>
</div>
<!-- EDIT21 SECTION "Bug report" [15106-15170] -->
<!-- EDIT21 SECTION "Bug report" [15297-15361] -->
<h2 class="sectionedit22" id="developer_corner">Developer corner</h2>
<div class="level2">
@ -890,6 +896,6 @@ To translate this doc (Manager help):
</ul>
</div>
<!-- EDIT22 SECTION "Developer corner" [15171-] --></div>
<!-- EDIT22 SECTION "Developer corner" [15362-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:totp2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,totp2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="totp2f.html"/>
@ -81,7 +81,7 @@ In the manager (advanced parameters), you just have to enable it:
<ul>
<li class="level1"><div class="li"> TOTP ⇒ Activation: set it to “on”</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <a href="https://auth.your.domain/2fregisters" class="urlextern" title="https://auth.your.domain/2fregisters" rel="nofollow">https://auth.your.domain/2fregisters</a>)</em></div>
<li class="level1"><div class="li"> TOTP ⇒ Self registration: set it to “on” if users are authorizated to generate themselves TOTP secret</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Authentication level: you can overwrite here auth level for TOTP registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em>. <strong>It is recommended to set an higher value here if you want to give access to some apps only to users enrolled</strong></div>
</li>
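Review bot: the rewritten self-registration item has two errors: "authorizated" should be "authorized", and "generate themselves TOTP secret" should read "generate their own TOTP secret". The text it replaces also told administrators how to expose the enrollment page (create an application pointing to https://auth.your.domain/2fregisters); that instruction is dropped here, so make sure the Enrollment section below still gives the URL, otherwise readers lose the only mention of it.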
@ -93,11 +93,15 @@ In the manager (advanced parameters), you just have to enable it:
</li>
<li class="level1"><div class="li"> TOTP ⇒ Digits: number of digit of codes (default: 6)</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Display existing secret: display an already registered secret (default: disabled)</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Change existing secret: authorize a user to change its already registered TOTP secret</div>
</li>
</ul>
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule that <code>$_totp2fSecret</code> is set, else TOTP will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div>
<!-- EDIT2 SECTION "Configuration" [634-1815] -->
<!-- EDIT2 SECTION "Configuration" [634-1941] -->
<h2 class="sectionedit3" id="enrollment">Enrollment</h2>
<div class="level2">
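Review bot: the two new options need a security caveat and a default. "Display existing secret" lets a logged-in user retrieve the already registered TOTP seed and "Change existing secret" lets them replace it; both actions are reached from an ordinary portal session, so anyone holding that session (a stolen cookie, an unattended browser) can clone or re-enrol the second factor, which defeats its purpose. Document that risk next to the options, recommend leaving "Display existing secret" disabled in production, and state whether these actions require a fresh authentication. "Display existing secret" says "(default: disabled)" but "Change existing secret" gives no default; add it.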
@ -106,7 +110,7 @@ If you&#039;ve enabled self registration, users can get their key using <a href=
</p>
</div>
<!-- EDIT3 SECTION "Enrollment" [1816-1940] -->
<!-- EDIT3 SECTION "Enrollment" [1942-2066] -->
<h2 class="sectionedit4" id="assistance">Assistance</h2>
<div class="level2">
@ -115,7 +119,7 @@ If a user lost its key, you may remove it&#039;s persistent session using the se
</p>
</div>
<!-- EDIT4 SECTION "Assistance" [1941-2056] -->
<!-- EDIT4 SECTION "Assistance" [2067-2182] -->
<h2 class="sectionedit5" id="developer_corner">Developer corner</h2>
<div class="level2">
@ -135,8 +139,8 @@ If you have another TOTP registration interface, you have to populate session (u
<td class="col0"> _u2fUserKey </td><td class="col1"> user key value, base64 encoded </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [2212-2330] -->
<!-- EDIT6 TABLE [2338-2456] -->
</div>
<!-- EDIT5 SECTION "Developer corner" [2057-] --></div>
<!-- EDIT5 SECTION "Developer corner" [2183-] --></div>
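Review bot: the developer-corner table of the TOTP page still lists `_u2fUserKey` with "user key value, base64 encoded", which is the U2F table copied over; a TOTP registration interface has to populate the session field the "Configuration" note above refers to, `$_totp2fSecret`, so the table should describe `_totp2fSecret` instead. This is unchanged context, but the section is being edited here anyway.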
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:u2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,u2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="u2f.html"/>
@ -88,12 +88,12 @@ This feature uses <a href="https://metacpan.org/pod/Crypt::U2F::Server::Simple"
<div class="level2">
<p>
In the manager (advanced parameters), you just have to enable it:
In the manager (second factors), you just have to enable it:
</p>
<ul>
<li class="level1"><div class="li"> U2F ⇒ Activation: set it to “on”</div>
</li>
<li class="level1"><div class="li"> U2F ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <a href="https://auth.your.domain/2fregisters" class="urlextern" title="https://auth.your.domain/2fregisters" rel="nofollow">https://auth.your.domain/2fregisters</a>)</em></div>
<li class="level1"><div class="li"> U2F ⇒ Self registration: set it to “on” if users are authorizated to register their keys</div>
</li>
<li class="level1"><div class="li"> U2F ⇒ Authentication level: you can overwrite here auth level for U2F registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em>. <strong>It is recommended to set an higher value here if you want to give access to some apps only to users enrolled</strong></div>
</li>
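Review bot: the rewritten U2F self-registration line drops the hint about creating a menu application pointing to https://auth.your.domain/2fregisters; if that is still how the registration page is reached, the hint should be moved (for example to the "Enrollment" section) rather than removed, otherwise administrators lose the only reference to that path. Also "authorizated" should read "authorized".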
@ -101,7 +101,7 @@ In the manager (advanced parameters), you just have to enable it:
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule: <code>$_u2fKeyHandle and $_u2fUserKey</code>, else U2F will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [874-1815] -->
<!-- EDIT3 SECTION "Configuration" [874-1733] -->
<h2 class="sectionedit4" id="browser_compatibility">Browser compatibility</h2>
<div class="level2">
<ul>
@ -111,9 +111,9 @@ In the manager (advanced parameters), you just have to enable it:
<ul>
<li class="level2"><div class="li"> 38 to 56 with <a href="https://addons.mozilla.org/fr/firefox/addon/u2f-support-add-on/" class="urlextern" title="https://addons.mozilla.org/fr/firefox/addon/u2f-support-add-on/" rel="nofollow">U2F Support Add-on</a></div>
</li>
<li class="level2"><div class="li"> 57 to 58, with “security.webauth.u2f” set to “true” in “about:config” <em>(see <a href="https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/" class="urlextern" title="https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/" rel="nofollow">Yubico explanations</a>)</em></div>
<li class="level2"><div class="li"> 57 to 59, with “security.webauth.u2f” set to “true” in “about:config” <em>(see <a href="https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/" class="urlextern" title="https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/" rel="nofollow">Yubico explanations</a>)</em></div>
</li>
<li class="level2"><div class="li"> probably enabled by default for versions &gt;= 59</div>
<li class="level2"><div class="li"> probably enabled by default for versions &gt;= 60</div>
</li>
</ul>
</li>
@ -122,7 +122,7 @@ In the manager (advanced parameters), you just have to enable it:
</ul>
</div>
<!-- EDIT4 SECTION "Browser compatibility" [1816-2253] -->
<!-- EDIT4 SECTION "Browser compatibility" [1734-2171] -->
<h2 class="sectionedit5" id="enrollment">Enrollment</h2>
<div class="level2">
@ -131,7 +131,7 @@ If you&#039;ve enabled self registration, users can register their FIDO key usin
</p>
</div>
<!-- EDIT5 SECTION "Enrollment" [2254-2387] -->
<!-- EDIT5 SECTION "Enrollment" [2172-2305] -->
<h2 class="sectionedit6" id="assistance">Assistance</h2>
<div class="level2">
@ -140,7 +140,7 @@ If a user lost its key, you may remove it&#039;s persistent session using the se
</p>
</div>
<!-- EDIT6 SECTION "Assistance" [2388-2503] -->
<!-- EDIT6 SECTION "Assistance" [2306-2421] -->
<h2 class="sectionedit7" id="developer_corner">Developer corner</h2>
<div class="level2">
@ -160,12 +160,12 @@ If you have another U2F registration interface, you have to populate session (us
<td class="col0"> _u2fUserKey </td><td class="col1"> user key value, base64 encoded </td>
</tr>
</table></div>
<!-- EDIT8 TABLE [2658-2776] -->
<!-- EDIT8 TABLE [2576-2694] -->
<p>
Note that both “origin” and “appId” are fixed to portal <abbr title="Uniform Resource Locator">URL</abbr>.
</p>
</div>
<!-- EDIT7 SECTION "Developer corner" [2504-] --></div>
<!-- EDIT7 SECTION "Developer corner" [2422-] --></div>
</body>
</html>

View File

@ -0,0 +1,101 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:utotp2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,utotp2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="utotp2f.html"/>
<link rel="contents" href="utotp2f.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:utotp2f","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="u2f-or-totp_2nd_factor_authentication">U2F-or-TOTP 2nd Factor Authentication</h1>
<div class="level1">
<p>
This modules enables simultaneously <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F</a> and <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(like Gitlab)</em>. Users can so use their TOTP instead if they don&#039;t have their U2F device.
</p>
<p>
The difference with enabling both U2F and TOTP is that there is only one page displayed instead of displaying first a choice menu.
</p>
<p>
The corresponding registration module authorize U2F registration only if user has already registered a TOTP secret.
</p>
</div>
<!-- EDIT1 SECTION "U2F-or-TOTP 2nd Factor Authentication" [1-463] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
<p>
In the manager (advanced parameters), you just have to enable it:
</p>
<ul>
<li class="level1"><div class="li"> Activation: set it to “on”. Note that you should not enable directly <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F</a> and <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(except for self-registration: see below)</em></div>
</li>
<li class="level1"><div class="li"> Authentication level: you can overwrite here auth level for registered users. Leave it blank keeps auth level provided by first authentication module (default: 2 for user/password based modules). It is recommended to set an higher value here if you want to give access to some apps only to users enrolled.</div>
</li>
</ul>
<div class="notetip">Every other parameters of <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F</a> and <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> can be set in the corresponding 2F modules except that you should not enable them.
</div><div class="noteimportant">If you want to give a different level for U2F or TOTP, leave this parameter blank and set U2F ant TOTP “authentication level” in corresponding modules.
</div>
</div>
<!-- EDIT2 SECTION "Configuration" [464-1353] -->
<h3 class="sectionedit3" id="self-registration">Self-registration</h3>
<div class="level3">
<p>
This module has no self-registration. You must use U2F and TOTP self registration modules. Example: suppose you want to authorize U2F registration only if a TOTP secret is registered:
</p>
<ul>
<li class="level1"><div class="li"> TOTP self-registration ⇒ enabled</div>
</li>
<li class="level1"><div class="li"> U2F self-registration ⇒ set to <code>$_totp2fSecret</code></div>
</li>
</ul>
<p>
Automatically, U2F registration will be hidden for unregistered TOTP users and displayed then.
</p>
</div>
<!-- EDIT3 SECTION "Self-registration" [1354-] --></div>
</body>
</html>
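Review bot: the new utotp2f page still says "In the manager (advanced parameters)" while the U2F and Yubikey pages in this same commit were changed to "In the manager (second factors)"; align the wording. In the template header, the line `<link rel="stylesheet" ... bootstrap.min.css"></script>` closes a `<link>` with `</script>`; it sits inside the `//elsif:useexternallibs` branch, so whenever that branch is selected a stray closing tag is emitted. Wording nits: "This modules enables" should be "This module enables", "The corresponding registration module authorize" should be "authorizes", and "set U2F ant TOTP" in the important note should be "U2F and TOTP".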

View File

@ -0,0 +1,120 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:yubikey2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,yubikey2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="yubikey2f.html"/>
<link rel="contents" href="yubikey2f.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:yubikey2f","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#prerequisites_and_dependencies">Prerequisites and dependencies</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#provisioning">Provisioning</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="yubikey_second_factor">Yubikey Second Factor</h1>
<div class="level1">
<p>
The <a href="http://www.yubico.com/yubikey" class="urlextern" title="http://www.yubico.com/yubikey" rel="nofollow">Yubikey</a> is a small material token shipped by <a href="http://www.yubico.com" class="urlextern" title="http://www.yubico.com" rel="nofollow">Yubico</a>. It sends an OTP, which is validated against Yubico server.
</p>
</div>
<!-- EDIT1 SECTION "Yubikey Second Factor" [1-214] -->
<h2 class="sectionedit2" id="prerequisites_and_dependencies">Prerequisites and dependencies</h2>
<div class="level2">
<p>
You need <a href="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" class="urlextern" title="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" rel="nofollow">Auth::Yubikey_WebClient</a> package.
</p>
<p>
You need to get an client ID and a secret key from Yubico. See <a href="https://upgrade.yubico.com/getapikey/" class="urlextern" title="https://upgrade.yubico.com/getapikey/" rel="nofollow">Yubico API</a> page.
</p>
</div>
<!-- EDIT2 SECTION "Prerequisites and dependencies" [215-483] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
In the manager (second factors), you just have to enable it:
</p>
<ul>
<li class="level1"><div class="li"> Activation: set it to “on”</div>
</li>
<li class="level1"><div class="li"> Self registration: set it to “on” if users are authorizated to register their keys</div>
</li>
<li class="level1"><div class="li"> Authentication level: you can overwrite here auth level for Yubikey registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em>. <strong>It is recommended to set an higher value here if you want to give access to some apps only to users enrolled</strong></div>
</li>
<li class="level1"><div class="li"> Client ID: given by Yubico or another service</div>
</li>
<li class="level1"><div class="li"> <abbr title="Application Programming Interface">API</abbr> secret key: given by Yubico or another service</div>
</li>
<li class="level1"><div class="li"> Nonce (optional): if any</div>
</li>
<li class="level1"><div class="li"> <abbr title="Uniform Resource Locator">URL</abbr>: Url of service (leave blank to use Yubico cloud services)</div>
</li>
<li class="level1"><div class="li"> OTP public ID part size: leave it to default (12) unless you know what you are doing</div>
</li>
</ul>
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule: <code>$_yubikeys</code>, else Yubikey will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [484-1599] -->
<h2 class="sectionedit4" id="provisioning">Provisioning</h2>
<div class="level2">
<p>
If you don&#039;t want to use self-registration, set public part of user&#039;s yubikey <em>(12 first characters)</em> in an attribute mapped to <code>_yubikeys</code>. Multiples values are allowed (space or comma separated).
</p>
</div>
<!-- EDIT4 SECTION "Provisioning" [1600-] --></div>
</body>
</html>
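Review bot: the "API secret key" bullet should say what the value protects: it is the credential that authenticates the portal to the validation service, so it must be handled like any other secret in the configuration store rather than as an ordinary setting. The same `</script>` closing a `<link>` appears in this page's header as in utotp2f.html. Wording: "small material token" should be "small hardware token", "an client ID" should be "a client ID", "authorizated" should be "authorized", and "Multiples values" should be "Multiple values".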

View File

@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "llng-fastcgi-server 1"
.TH llng-fastcgi-server 1 "2018-03-14" "perl v5.26.1" "User Contributed Perl Documentation"
.TH llng-fastcgi-server 1 "2018-03-20" "perl v5.26.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l

View File

@ -247,9 +247,11 @@ sub defaultValues {
'totp2fDigits' => 6,
'totp2fInterval' => 30,
'totp2fRange' => 1,
'totp2fSelfRegistration' => 0,
'trustedProxies' => '',
'twitterAuthnLevel' => 1,
'u2fActivation' => 0,
'u2fSelfRegistration' => 0,
'u2fUserCanRemoveKey' => 1,
'upgradeSession' => 1,
'userControl' => '^[\\w\\.\\-@]+$',
@ -260,8 +262,9 @@ sub defaultValues {
'webIDAuthnLevel' => 1,
'webIDExportedVars' => {},
'whatToTrace' => 'uid',
'yubikeyAuthnLevel' => 3,
'yubikeyPublicIDSize' => 12
'yubikey2fActivation' => 0,
'yubikey2fPublicIDSize' => 12,
'yubikey2fSelfRegistration' => 0
};
}
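Review bot: the previous default authentication level for Yubikey (`'yubikeyAuthnLevel' => 3`) has no counterpart here, since `yubikey2fAuthnLevel` gets no default, so Yubikey-verified sessions keep the first factor's level unless the administrator sets one. That is consistent with the new doc text ("Leave it blank keeps auth level provided by first authentication module"), but it is a behaviour change for existing deployments and belongs in the upgrade notes.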

View File

@ -57,7 +57,6 @@ our $authParameters = {
sslParams => [qw(SSLAuthnLevel SSLVar SSLVarIf sslByAjax sslHost)],
twitterParams => [qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName)],
webidParams => [qw(webIDAuthnLevel webIDExportedVars webIDWhitelist)],
yubikeyParams => [qw(yubikeyAuthnLevel yubikeyClientID yubikeySecretKey yubikeyPublicIDSize)],
};
our $issuerParameters = {
issuerDBCAS => [qw(issuerDBCASActivation issuerDBCASPath issuerDBCASRule casAttr casAttributes casAccessControlPolicy)],

View File

@ -368,10 +368,6 @@ sub attributes {
'k' => 'WebID',
'v' => 'WebID'
},
{
'k' => 'Yubikey',
'v' => 'Yubikey'
},
{
'k' => 'Custom',
'v' => 'customModule'
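Review bot: removing "Yubikey" from the authentication-module choice lists, together with the deletion of `lib/Lemonldap/NG/Portal/Auth/Yubikey.pm` later in this commit, leaves existing configurations whose authentication module is set to Yubikey pointing at a module that no longer exists. An upgrade note (and ideally a configuration check or migration to `yubikey2f*`) should accompany this removal.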
@ -546,10 +542,6 @@ sub attributes {
'k' => 'WebID',
'v' => 'WebID'
},
{
'k' => 'Yubikey',
'v' => 'Yubikey'
},
{
'k' => 'Demo',
'v' => 'Demonstration'
@ -821,10 +813,6 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'k' => 'WebID',
'v' => 'WebID'
},
{
'k' => 'Yubikey',
'v' => 'Yubikey'
},
{
'k' => 'Demo',
'v' => 'Demonstration'
@ -3229,7 +3217,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
},
'totp2fSelfRegistration' => {
'default' => 0,
'type' => 'bool'
'type' => 'boolOrExpr'
},
'totp2fUserCanChangeKey' => {
'default' => 0,
@ -3264,7 +3252,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
},
'u2fSelfRegistration' => {
'default' => 0,
'type' => 'bool'
'type' => 'boolOrExpr'
},
'u2fUserCanRemoveKey' => {
'default' => 1,
@ -3411,18 +3399,31 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
'default' => 'uid',
'type' => 'lmAttrOrMacro'
},
'yubikeyAuthnLevel' => {
'default' => 3,
'type' => 'int'
'yubikey2fActivation' => {
'default' => 0,
'type' => 'boolOrExpr'
},
'yubikeyClientID' => {
'yubikey2fAuthnLevel' => {
'type' => 'int'
},
'yubikey2fClientID' => {
'type' => 'text'
},
'yubikeyPublicIDSize' => {
'yubikey2fNonce' => {
'type' => 'text'
},
'yubikey2fPublicIDSize' => {
'default' => 12,
'type' => 'int'
},
'yubikeySecretKey' => {
'yubikey2fSecretKey' => {
'type' => 'text'
},
'yubikey2fSelfRegistration' => {
'default' => 0,
'type' => 'boolOrExpr'
},
'yubikey2fUrl' => {
'type' => 'text'
},
'zimbraAccountKey' => {

View File

@ -1063,7 +1063,7 @@ sub attributes {
documentation => 'U2F activation',
},
u2fSelfRegistration => {
type => 'bool',
type => 'boolOrExpr',
default => 0,
documentation => 'U2F self registration activation',
},
@ -1085,7 +1085,7 @@ sub attributes {
documentation => 'TOTP activation',
},
totp2fSelfRegistration => {
type => 'bool',
type => 'boolOrExpr',
default => 0,
documentation => 'TOTP self registration activation',
},
@ -1201,6 +1201,44 @@ sub attributes {
documentation => 'Custom logo for REST 2F',
},
# Yubikey 2FA
yubikey2fActivation => {
type => 'boolOrExpr',
default => 0,
documentation => 'Yubikey second factor activation',
},
yubikey2fSelfRegistration => {
type => 'boolOrExpr',
default => 0,
documentation => 'Yubikey self registration activation',
},
yubikey2fAuthnLevel => {
type => 'int',
documentation =>
'Authentication level for users authentified by Yubikey second factor'
},
yubikey2fClientID => {
type => 'text',
documentation => 'Yubico client ID',
},
yubikey2fSecretKey => {
type => 'text',
documentation => 'Yubico secret key',
},
yubikey2fNonce => {
type => 'text',
documentation => 'Yubico nonce',
},
yubikey2fUrl => {
type => 'text',
documentation => 'Yubico server',
},
yubikey2fPublicIDSize => {
type => 'int',
default => 12,
documentation => 'Yubikey public ID size',
},
# Single session
notifyDeleted => {
default => 1,
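Review bot: `yubikey2fSecretKey` is declared as `type => 'text'`, so the Yubico secret is shown in clear in the manager form; if the manager offers a masked or password input type, use it here. The documentation string for `yubikey2fAuthnLevel` has a typo, "authentified" should be "authenticated", and `yubikey2fUrl => 'Yubico server'` would be clearer as "validation service URL (blank for Yubico cloud)", matching the new doc page.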
@ -2096,7 +2134,6 @@ sub attributes {
{ k => 'SSL', v => 'SSL' },
{ k => 'Twitter', v => 'Twitter' },
{ k => 'WebID', v => 'WebID' },
{ k => 'Yubikey', v => 'Yubikey' },
{ k => 'Demo', v => 'Demonstration' },
{ k => 'Choice', v => 'authChoice' },
{ k => 'Combination', v => 'combineMods' },
@ -2676,7 +2713,6 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
{ k => 'SSL', v => 'SSL' },
{ k => 'Twitter', v => 'Twitter' },
{ k => 'WebID', v => 'WebID' },
{ k => 'Yubikey', v => 'Yubikey' },
{ k => 'Custom', v => 'customModule' },
],
[
@ -2735,7 +2771,6 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
{ k => 'SSL', v => 'SSL' },
{ k => 'Twitter', v => 'Twitter' },
{ k => 'WebID', v => 'WebID' },
{ k => 'Yubikey', v => 'Yubikey' },
{ k => 'Demo', v => 'Demonstration' },
{ k => 'CAS', v => 'Central Authentication Service (CAS)' },
{ k => 'OpenID', v => 'OpenID' },
@ -2749,20 +2784,6 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
],
},
# Yubikey
yubikeyAuthnLevel => {
type => 'int',
default => 3,
documentation => 'Yubikey authentication level',
},
yubikeyClientID => { type => 'text', },
yubikeySecretKey => { type => 'text', },
yubikeyPublicIDSize => {
type => 'int',
default => 12,
documentation => 'Yubikey public ID size',
},
# Custom auth modules
customAuth => {
type => 'text',

View File

@ -388,15 +388,6 @@ sub tree {
'webIDWhitelist'
]
},
{
title => 'yubikeyParams',
help => 'authyubikey.html',
form => 'simpleInputContainer',
nodes => [
'yubikeyAuthnLevel', 'yubikeyClientID',
'yubikeySecretKey', 'yubikeyPublicIDSize'
]
},
{
title => 'customParams',
help => 'authcustom.html',
@ -702,6 +693,21 @@ sub tree {
'rest2fLogo',
]
},
{
title => 'yubikey2f',
help => 'yubikey2f.html',
form => 'simpleInputContainer',
nodes => [
'yubikey2fActivation',
'yubikey2fSelfRegistration',
'yubikey2fAuthnLevel',
'yubikey2fClientID',
'yubikey2fSecretKey',
'yubikey2fNonce',
'yubikey2fUrl',
'yubikey2fPublicIDSize',
],
},
]
},
{

View File

@ -722,7 +722,7 @@
"totp2fInterval":"Interval",
"totp2fIssuer":"TOTP Issuer name",
"totp2fRange":"Range of attempts",
"totp2fSelfRegistration":"Self registration",
"totp2fSelfRegistration":"التسجيل الذاتي",
"totp2fUserCanChangeKey":"Change existing secret",
"trustedDomains":"النطاقات الموثوق بها",
"trustedProxies":"عناوين الآي بي البروكسي الموثوق بها",
@ -788,11 +788,15 @@
"whatToTrace":"المستخدم_البعيد",
"whiteList":"القائمة البيضاء",
"XMLcontent":"محتوى XML",
"yubikeyAuthnLevel":"مستوى إثبات الهوية",
"yubikeyClientID":"API العميل ID",
"yubikeyParams":"معاييرYubikey",
"yubikeyPublicIDSize":"حجم الجزء العام لي OTP آي دي",
"yubikeySecretKey":"مفتاح سرأل API",
"yubikey2f":"Yubikey",
"yubikey2fActivation":"تفعيل",
"yubikey2fAuthnLevel":"مستوى إثبات الهوية",
"yubikey2fClientID":"API العميل ID",
"yubikey2fNonce":"Nonce",
"yubikey2fPublicIDSize":"حجم الجزء العام لي OTP آي دي",
"yubikey2fSecretKey":"مفتاح سرأل API",
"yubikey2fSelfRegistration":"التسجيل الذاتي",
"yubikey2fUrl":"Service URL",
"zeroConfExplanations":"لا يحتوي الخادم على إعدادات. استخدام قالب لحفظ الأول",
"saml":"SAML",

View File

@ -788,11 +788,15 @@
"whatToTrace":"REMOTE_USER",
"whiteList":"White list",
"XMLcontent":"XML content",
"yubikeyAuthnLevel":"Authentication level",
"yubikeyClientID":"API client ID",
"yubikeyParams":"Yubikey parameters",
"yubikeyPublicIDSize":"OTP public ID part size",
"yubikeySecretKey":"API secret key",
"yubikey2f":"Yubikey",
"yubikey2fActivation":"Activation",
"yubikey2fAuthnLevel":"Authentication level",
"yubikey2fClientID":"API client ID",
"yubikey2fNonce":"Nonce",
"yubikey2fPublicIDSize":"OTP public ID part size",
"yubikey2fSecretKey":"API secret key",
"yubikey2fSelfRegistration":"Self registration",
"yubikey2fUrl":"Service URL",
"zeroConfExplanations":"Server has no configuration. Use template to save the first.",
"saml":"SAML",

View File

@ -788,11 +788,15 @@
"whatToTrace":"REMOTE_USER",
"whiteList":"Liste blanche",
"XMLcontent":"Contenu XML",
"yubikeyAuthnLevel":"Niveau d'authentification",
"yubikeyClientID":"Identifiant client de l'API",
"yubikeyParams":"Paramètres Yubikey",
"yubikeyPublicIDSize":"Taille de la partie publique de l'OTP",
"yubikeySecretKey":"Clef secrète de l'API",
"yubikey2f":"Yubikey",
"yubikey2fActivation":"Activation",
"yubikey2fAuthnLevel":"Niveau d'authentification",
"yubikey2fClientID":"Identifiant client de l'API",
"yubikey2fNonce":"Nonce",
"yubikey2fPublicIDSize":"Taille de la partie publique de l'OTP",
"yubikey2fSecretKey":"Clef secrète de l'API",
"yubikey2fSelfRegistration":"Auto-enregistrement",
"yubikey2fUrl":"URL du service",
"zeroConfExplanations":"Le serveur ne dispose pas de configuration. Cette configuration de base vous permet d'en initialiser une.",
"saml":"SAML",

View File

@ -722,7 +722,7 @@
"totp2fInterval":"Interval",
"totp2fIssuer":"TOTP Issuer name",
"totp2fRange":"Range of attempts",
"totp2fSelfRegistration":"Self registration",
"totp2fSelfRegistration":"Auto-registrazione",
"totp2fUserCanChangeKey":"Change existing secret",
"trustedDomains":"Domini attendibili",
"trustedProxies":"IP proxy attendibili",
@ -788,11 +788,15 @@
"whatToTrace":"\nREMOTE_USER",
"whiteList":"Lista bianca",
"XMLcontent":"Contenuto XML",
"yubikeyAuthnLevel":"Livello di autenticazione",
"yubikeyClientID":"ID client API",
"yubikeyParams":"Parametri Yubikey",
"yubikeyPublicIDSize":"Dimensione della parte ID OTP pubblica",
"yubikeySecretKey":"Chiave segreta API",
"yubikey2f":"Yubikey",
"yubikey2fActivation":"Attivazione",
"yubikey2fAuthnLevel":"Livello di autenticazione",
"yubikey2fClientID":"ID client API",
"yubikey2fNonce":"Nonce",
"yubikey2fPublicIDSize":"Dimensione della parte ID OTP pubblica",
"yubikey2fSecretKey":"Chiave segreta API",
"yubikey2fSelfRegistration":"Auto-registrazione",
"yubikey2fUrl":"Service URL",
"zeroConfExplanations":"Il server non ha alcuna configurazione. Utilizza il modello per salvare il primo.",
"saml":"SAML",

View File

@ -722,7 +722,7 @@
"totp2fInterval":"Interval",
"totp2fIssuer":"TOTP Issuer name",
"totp2fRange":"Range of attempts",
"totp2fSelfRegistration":"Self registration",
"totp2fSelfRegistration":"Tự đăng ký",
"totp2fUserCanChangeKey":"Change existing secret",
"trustedDomains":"Miền tin cậy",
"trustedProxies":"proxies IP tin cậy",
@ -736,7 +736,12 @@
"u2fActivation":"Kích hoạt",
"u2fAuthnLevel":"Mức xác thực U2F",
"u2fUserCanRemoveKey":"Authorize user to remove U2F key",
<<<<<<< HEAD
"u2fSelfRegistration":"Tự đăng ký ",
=======
"u2fSelfRegistration":"Tự đăng ký",
"u2fSessions":"U2F sessions explorer",
>>>>>>> master
"uid":"Trình định danh",
"unknownAttrOrMacro":"Thuộc tính hoặc macro chưa xác định",
"unknownError":"Lỗi không xác định",
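Review bot: this hunk commits unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> master`) into vi.json, which makes the file invalid JSON and will break loading of the Vietnamese manager translations. Resolve by keeping the master side, `"u2fSelfRegistration":"Tự đăng ký"` (no trailing space) together with `"u2fSessions":"U2F sessions explorer"`, and drop the markers before merging.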
@ -788,11 +793,15 @@
"whatToTrace":"REMOTE_USER",
"whiteList":"Danh sách trắng",
"XMLcontent":"Nội dung XML",
"yubikeyAuthnLevel":"Mức xác thực",
"yubikeyClientID":"ID ứng dụng khách API",
"yubikeyParams":"Tham số Yubikey",
"yubikeyPublicIDSize":"Kích thước phần tử công khai OTP",
"yubikeySecretKey":"Khóa bí mật API",
"yubikey2f":"Yubikey",
"yubikey2fActivation":"Kích hoạt",
"yubikey2fAuthnLevel":"Mức xác thực",
"yubikey2fClientID":"ID ứng dụng khách API",
"yubikey2fNonce":"Nonce",
"yubikey2fPublicIDSize":"Kích thước phần tử công khai OTP",
"yubikey2fSecretKey":"Khóa bí mật API",
"yubikey2fSelfRegistration":"Tự đăng ký",
"yubikey2fUrl":"Service URL",
"zeroConfExplanations":"Máy chủ không có cấu hình. Sử dụng mẫu để lưu đầu tiên. ",
"saml":"SAML",

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View File

@ -13,10 +13,12 @@ lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
lib/Lemonldap/NG/Portal/2F/Ext2F.pm
lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm
lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm
lib/Lemonldap/NG/Portal/2F/REST.pm
lib/Lemonldap/NG/Portal/2F/TOTP.pm
lib/Lemonldap/NG/Portal/2F/U2F.pm
lib/Lemonldap/NG/Portal/2F/UTOTP.pm
lib/Lemonldap/NG/Portal/2F/Yubikey.pm
lib/Lemonldap/NG/Portal/Auth.pod
lib/Lemonldap/NG/Portal/Auth/_WebForm.pm
lib/Lemonldap/NG/Portal/Auth/AD.pm
@ -44,7 +46,6 @@ lib/Lemonldap/NG/Portal/Auth/Slave.pm
lib/Lemonldap/NG/Portal/Auth/SSL.pm
lib/Lemonldap/NG/Portal/Auth/Twitter.pm
lib/Lemonldap/NG/Portal/Auth/WebID.pm
lib/Lemonldap/NG/Portal/Auth/Yubikey.pm
lib/Lemonldap/NG/Portal/CDC.pm
lib/Lemonldap/NG/Portal/Issuer/CAS.pm
lib/Lemonldap/NG/Portal/Issuer/Get.pm
@ -321,6 +322,7 @@ site/templates/bootstrap/u2fcheck.tpl
site/templates/bootstrap/u2fregister.tpl
site/templates/bootstrap/upgradesession.tpl
site/templates/bootstrap/utotp2fcheck.tpl
site/templates/bootstrap/yubikey2fregister.tpl
site/templates/bootstrap/yubikeyform.tpl
site/templates/common/bullet_go.png
site/templates/common/key.png
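Review bot: `site/templates/bootstrap/yubikeyform.tpl` stays in the MANIFEST although `lib/Lemonldap/NG/Portal/Auth/Yubikey.pm`, the module that rendered it, is removed in this commit and the new `2F::Yubikey` renders `ext2fcheck` instead. Either confirm another module still uses the template or remove it from both the MANIFEST and the templates directory.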

View File

@ -34,8 +34,8 @@ sub init {
my ($self) = @_;
# Set default 2F list
$self->conf->{available2F} ||= 'UTOTP,TOTP,U2F,REST,Ext2F';
$self->conf->{available2FSelfRegistration} ||= 'TOTP,U2F';
$self->conf->{available2F} ||= 'UTOTP,TOTP,U2F,REST,Ext2F,Yubikey';
$self->conf->{available2FSelfRegistration} ||= 'TOTP,U2F,Yubikey';
# Load 2F modules
for my $i ( 0 .. 1 ) {

View File

@ -0,0 +1,53 @@
package Lemonldap::NG::Portal::2F::Register::Yubikey;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_FORMEMPTY
PE_ERROR
PE_OK
);
our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Portal::Main::Plugin';
# INITIALIZATION
has prefix => ( is => 'rw', default => 'yubikey' );
has template => ( is => 'ro', default => 'yubikey2fregister' );
has logo => ( is => 'rw', default => 'u2f.png' );
sub init {
my ($self) = @_;
$self->conf->{yubikey2fPublicIDSize} ||= 12;
return 1;
}
# RUNNING METHODS
# Main method
sub run {
my ( $self, $req, $action ) = @_;
if ( $action eq 'register' ) {
my $otp = $req->param('otp');
if ( $otp and length($otp) > 12 ) {
my $keys = $req->userData->{_yubikeys} || '';
$keys .= ( $keys ? ', ' : '' )
. substr( $otp, 0, $self->conf->{yubikeyPublicIDSize} );
$self->p->updatePersistentSession( $req, { _yubikeys => $keys } );
}
else {
$self->userLogger->error('Yubikey 2F: no code');
return PE_FORMEMPTY;
}
}
else {
$self->userLogger->error("Unknown Yubikey action $action");
return PE_ERROR;
}
}
1;
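Review bot: the `register` branch reads `$self->conf->{yubikeyPublicIDSize}`, but `init` sets (and the rest of this commit renames the parameter to) `yubikey2fPublicIDSize`; the old key is undefined, so `substr( $otp, 0, undef )` returns an empty string and an empty public ID is appended to `_yubikeys`. Since the verification side uses `index` and the index of an empty string is 0, an empty entry makes the registered-key check succeed for any OTP that the validation service accepts, which defeats the binding between the user and their own key. Use the `yubikey2f` name here, and also replace the hard-coded `length($otp) > 12` by the configured size. Two further points: the OTP is stored without first being validated, so a mistyped code registers a useless public ID; validating it with the same Auth::Yubikey_WebClient client that `2F::Yubikey` builds in `init` before storing would catch that. And the successful path has no explicit return value (`PE_OK` is imported but never used), while `logo` defaults to `u2f.png` for a Yubikey module.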

View File

@ -0,0 +1,109 @@
package Lemonldap::NG::Portal::2F::Yubikey;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_BADCREDENTIALS
PE_FORMEMPTY
PE_OK
PE_SENDRESPONSE
);
our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Portal::Main::SecondFactor';
# INITIALIZATION
has prefix => ( is => 'ro', default => 'yubikey' );
has logo => ( is => 'rw', default => 'u2f.png' );
has yubi => ( is => 'rw' );
sub init {
my ($self) = @_;
eval { require Auth::Yubikey_WebClient };
if ($@) {
$self->logger->error($@);
return 0;
}
if ( $self->conf->{yubikey2fSelfRegistration}
and $self->conf->{yubikey2fActivation} eq '1' )
{
$self->conf->{yubikey2fActivation} = '$_yubikeys';
}
unless ($self->conf->{yubikey2fClientID}
and $self->conf->{yubikey2fSecretKey} )
{
$self->logger->error(
"Missing mandatory parameters (Client ID and secret key)");
return 0;
}
$self->conf->{yubikey2fPublicIDSize} ||= 12;
$self->yubi(
Auth::Yubikey_WebClient->new(
{
id => $self->conf->{yubikey2fClientID},
api => $self->conf->{yubikey2fSecretKey},
nonce => $self->conf->{yubikey2fNonce},
url => $self->conf->{yubikey2fUrl}
}
)
);
return $self->SUPER::init();
}
sub run {
my ( $self, $req, $token ) = @_;
unless ( $req->{sessionInfo}->{_yubikeys} ) {
$self->userLogger->warn( 'User '
. $req->{sessionInfo}->{ $self->conf->{whatToTrace} }
. ' has no Yubikey registered' );
return PE_BADCREDENTIALS;
}
# Prepare form
my $tmp = $self->p->sendHtml(
$req,
'ext2fcheck',
params => {
SKIN => $self->conf->{portalSkin},
TOKEN => $token,
TARGET => '/yubikey2fcheck',
INPUTLOGO => 'yubikey.png',
LEGEND => 'clickOnYubikey',
}
);
$self->logger->debug("Display Yubikey form");
$req->response($tmp);
return PE_SENDRESPONSE;
}
sub verify {
my ( $self, $req, $session ) = @_;
my $code;
unless ( $code = $req->param('code') ) {
$self->userLogger->error('Yubikey 2F: no code');
return PE_FORMEMPTY;
}
# Verify OTP
if (
index( substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ),
$session->{_yubikeys} ) == -1
)
{
$self->userLogger->warn('Yubikey not registered');
return PE_BADCREDENTIALS;
}
if ( $self->yubi->otp($code) ne 'OK' ) {
$self->userLogger->warn('Yubikey verification failed');
return PE_BADCREDENTIALS;
}
PE_OK;
}
1
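Review bot: the `index()` call in `verify` has its arguments reversed: `index( substr( $code, 0, ...PublicIDSize ), $session->{_yubikeys} )` searches for the whole comma-joined `_yubikeys` string inside the 12-character public ID, so it only matches when exactly one key is registered and fails with "Yubikey not registered" as soon as a second key is added through the register plugin. Split `_yubikeys` on `', '` and compare each entry with `eq` rather than a substring search, which also rules out a partial-prefix match. Also the file ends with a bare `1` (no semicolon) and `logo` defaults to `u2f.png`.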

View File

@ -1,76 +0,0 @@
package Lemonldap::NG::Portal::Auth::Yubikey;
use strict;
use Mouse;
use JSON;
use Lemonldap::NG::Common::UserAgent;
use HTTP::Request;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR PE_FORMEMPTY);
our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Portal::Main::Auth';
# INITIALIZATION
# Try to load Yubikey perl module
sub init {
my ($self) = @_;
eval { require Auth::Yubikey_WebClient };
if ($@) {
$self->error($@);
return 0;
}
unless ($self->conf->{yubikeyClientID}
and $self->conf->{yubikeySecretKey} )
{
$self->logger->error(
"Missing mandatory parameters (Client ID and secret key)");
return 0;
}
$self->conf->{yubikeyPublicIDSize} ||= 12;
return 1;
}
sub extractFormInfo {
my ( $self, $req ) = @_;
# Get OTP
my $otp = $req->param('yubikeyOTP');
return PE_FORMEMPTY unless $otp;
$self->logger->debug("Received Yubikey OTP $otp");
# Verify OTP
my $result = Auth::Yubikey_WebClient::yubikey_webclient(
$otp,
$self->conf->{yubikeyClientID},
$self->conf->{yubikeySecretKey}
);
# Store user, which is the public ID part of the OTP
$req->{user} = substr( $otp, 0, $self->conf->{yubikeyPublicIDSize} );
PE_OK;
}
sub authenticate {
PE_OK;
}
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{authenticationLevel} =
$self->conf->{yubikeyAuthnLevel};
PE_OK;
}
sub authLogout {
PE_OK;
}
sub getDisplayType {
return 'yubikeyform';
}
1;
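Review bot: removing `Lemonldap::NG::Portal::Auth::Yubikey` silently breaks any configuration that still selects Yubikey as the authentication module or sets the old `yubikeyClientID`, `yubikeySecretKey`, `yubikeyPublicIDSize` and `yubikeyAuthnLevel` parameters; the new module uses the `yubikey2f*` names. Add an upgrade note (and ideally a one-off mapping of the old parameters) so existing deployments are told how to migrate.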

View File

@ -33,6 +33,7 @@ has noRoute => ( is => 'ro' );
sub init {
my ($self) = @_;
unless ( $self->noRoute ) {
$self->logger->debug('Adding '.$self->prefix . '2fcheck routes');
$self->addUnauthRoute(
$self->prefix . '2fcheck' => '_verify',
['POST']
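Review bot: style only: `'Adding '.$self->prefix . '2fcheck routes'` mixes spacing around the concatenation operator; `'Adding ' . $self->prefix . '2fcheck routes'` (or a perltidy pass) would match the surrounding code.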

View File

@ -107,6 +107,7 @@
"choose2f":"Choose your second factor",
"chooseApp":"اختر أحد التطبيقات المسموح لك بالدخول إليها",
"clickHere":"الرجاء الضغط هنا",
"clickOnYubikey":"Click on your Yubikey",
"closeSSO":"أغلق جلسة الدخول الموحد (سسو)",
"code": "الشفرة",
"confirmation":"التأكيد",
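Review bot: `clickOnYubikey` is added to the Arabic file with the English string, while the neighbouring `enterYubikey` key is translated; the Italian and Vietnamese files further down get the same English fallback. Either translate it or flag it for the translators so the check form does not show mixed-language text.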
@ -121,8 +122,8 @@
"enterCred":"الرجاء إدخال بيانات الاعتماد الخاصة بك",
"enterExt2fCode":"تم إرسال رمز إليك. الرجاء إدخاله",
"enterOpenIDLogin":"الرجاء إدخال تسجيل الدخول الأوبين إيدي الخاص بك",
"enterYubikey":"يرجى استخدام يوبي كي الخاص بك",
"enterTotpCode":"Enter TOTP code",
"enterYubikey":"يرجى استخدام يوبي كي الخاص بك",
"errorMsg":"رسالة خاطئة",
"fillTheForm":"Fill the form",
"firstName":"الاسم الاول",

View File

@ -107,6 +107,7 @@
"choose2f":"Choose your second factor",
"chooseApp":"Choose an application your are allowed to access to",
"clickHere":"Please click here",
"clickOnYubikey":"Click on your Yubikey",
"closeSSO":"Close your SSO session",
"code": "Code",
"confirmation":"Confirmation",

View File

@ -107,6 +107,7 @@
"choose2f":"Choose your second factor",
"chooseApp":"Choose an application your are allowed to access to",
"clickHere":"Please click here",
"clickOnYubikey":"Click on your Yubikey",
"closeSSO":"Close your SSO session",
"code": "Code",
"confirmation":"Confirmation",

View File

@ -104,9 +104,10 @@
"changeKey": "Generate new key",
"changePwd":"Change your password",
"checkLastLogins":"Check my last logins",
"chooseApp":"Choose an application your are allowed to access to",
"choose2f":"Choose your second factor",
"chooseApp":"Choose an application your are allowed to access to",
"clickHere":"Please click here",
"clickOnYubikey":"Click on your Yubikey",
"closeSSO":"Close your SSO session",
"code": "Code",
"confirmation":"Confirmation",

View File

@ -107,6 +107,7 @@
"choose2f":"Choisissez votre second facteur",
"chooseApp":"Choisissez une application à laquelle vous êtes autorisé à accéder",
"clickHere":"Cliquez ici",
"clickOnYubikey":"Cliquez sur votre Yubikey",
"closeSSO":"Fermer votre Session SSO",
"code": "Code",
"confirmation":"Confirmation",

View File

@ -107,6 +107,7 @@
"choose2f":"Choose your second factor",
"chooseApp":"Scegli un'applicazione alla quale ti è consentito l'accesso",
"clickHere":"Per favore clicka qui",
"clickOnYubikey":"Click on your Yubikey",
"closeSSO":"Chiudi la sessione SSO",
"code": "Codice",
"confirmation":"Conferma",

View File

@ -107,6 +107,7 @@
"choose2f":"Choose your second factor",
"chooseApp":"Choose an application your are allowed to access to",
"clickHere":"Please click here",
"clickOnYubikey":"Click on your Yubikey",
"closeSSO":"Close your SSO session",
"code": "Code",
"confirmation":"Confirmation",

View File

@ -107,6 +107,7 @@
"choose2f":"Choose your second factor",
"chooseApp":"Choose an application your are allowed to access to",
"clickHere":"Please click here",
"clickOnYubikey":"Click on your Yubikey",
"closeSSO":"Close your SSO session",
"code": "Code",
"confirmation":"Confirmation",

View File

@ -107,6 +107,7 @@
"choose2f":"Choose your second factor",
"chooseApp":"Choose an application your are allowed to access to",
"clickHere":"Please click here",
"clickOnYubikey":"Click on your Yubikey",
"closeSSO":"Close your SSO session",
"code": "Code",
"confirmation":"Confirmation",

View File

@ -107,6 +107,7 @@
"choose2f":"Choose your second factor",
"chooseApp":"Chọn một ứng dụng bạn được phép truy cập vào",
"clickHere":"Vui lòng nhấp vào đây",
"clickOnYubikey":"Click on your Yubikey",
"closeSSO":"Đóng phiên SSO của bạn",
"code": "Mã",
"confirmation":"Xác nhận",

View File

@ -2,7 +2,7 @@
<main id="logincontent" class="container">
<div class="message message-positive alert"><span trspan="enterExt2fCode"></span></div>
<div class="message message-positive alert"><span trspan="<TMPL_IF "LEGEND"><TMPL_VAR "LEGEND"><TMPL_ELSE>enterExt2fCode</TMPL_IF>"></span></div>
<div class="panel panel-default">
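Review bot: the `trspan` attribute now embeds `<TMPL_IF "LEGEND"><TMPL_VAR "LEGEND"><TMPL_ELSE>enterExt2fCode</TMPL_IF>` with nested double quotes; this works because HTML::Template expands before the browser parses, but `TMPL_VAR "LEGEND"` is emitted raw into an attribute. The only caller so far passes the constant `'clickOnYubikey'`, so nothing is exploitable here; using `ESCAPE=HTML` on the variable keeps that true if a later caller passes user-derived text.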

View File

@ -7,22 +7,23 @@
<main id="menucontent" class="container">
<div class="panel panel-info">
<div class="panel-body">
<div id="u2fPermission" trspan="u2fPermission" class="alert alert-info">You may be prompted to allow the site permission to access your security keys. After granting permission, the device will start to blink.</div>
<div class="buttons">
<span id="register" class="btn btn-warning" role="button">
<span class="glyphicon glyphicon-plus-sign"></span>&nbsp;
<span trspan="register">Register</span>
</span>
<span id="verify" class="btn btn-success" role="button">
<span class="glyphicon glyphicon-check"></span>&nbsp;
<span trspan="verify">Verify</span>
</span>
<span id="unregister" class="btn btn-danger" role="button">
<span class="glyphicon glyphicon-minus-sign"></span>&nbsp;
<span trspan="unregister">Unregister</span>
</span>
</div>
</div>
<div id="u2fPermission" trspan="u2fPermission" class="alert alert-info">You may be prompted to allow the site permission to access your security keys. After granting permission, the device will start to blink.
</div>
<div class="buttons">
<span id="register" class="btn btn-warning" role="button">
<span class="glyphicon glyphicon-plus-sign"></span>&nbsp;
<span trspan="register">Register</span>
</span>
<span id="verify" class="btn btn-success" role="button">
<span class="glyphicon glyphicon-check"></span>&nbsp;
<span trspan="verify">Verify</span>
</span>
<span id="unregister" class="btn btn-danger" role="button">
<span class="glyphicon glyphicon-minus-sign"></span>&nbsp;
<span trspan="unregister">Unregister</span>
</span>
</div>
</div>
</div>
</main>

View File

@ -0,0 +1,25 @@
<TMPL_INCLUDE NAME="header.tpl">
<div class="container">
<div id="color" class="message message-positive alert"><span id="msg" trspan="clickOnYubikey"></span></div>
</div>
<main id="menucontent" class="container">
<div class="panel panel-info">
<div class="panel-body">
<form action="/2fregisters/yubikey/register" method="post">
<div class="form-group">
<input id="otp" name="otp" />
</div>
</form>
</div>
</div>
</main>
<div class="buttons">
<a id="goback" href="<TMPL_VAR NAME="PORTAL_URL"><TMPL_IF NAME="AUTH_URL">/?url=<TMPL_VAR NAME="AUTH_URL"></TMPL_IF>" class="btn btn-primary" role="button">
<span class="glyphicon glyphicon-home"></span>&nbsp;
<span trspan="goToPortal">Go to portal</span>
</a>
</div>
<TMPL_INCLUDE NAME="footer.tpl">
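Review bot: the registration form has no submit control and no label or `type`/`autofocus` on the `otp` input, so submission relies on the key emitting Enter after the OTP and the page never tells the user to touch the key. The "go to portal" `.buttons` block also sits outside `<main>`, unlike the u2fregister template above where it is nested in the panel body, and nothing in the template reports the outcome of the POST to `/2fregisters/yubikey/register`.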

View File

@ -2170,14 +2170,6 @@ dirName = /usr/local/lemonldap-ng/data/conf</seg>
&lt;/EntityDescriptor&gt;</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>uid: 123456789012</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120226T163048Z" changeid="xavier">
<seg>uid: 123456789012</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>URL parameter: parameter name used to set choice value (default: lmAuth)</seg>
@ -2286,14 +2278,6 @@ make debian-packages</seg>
<seg>L'URI de la page qui contient le formulaire</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>API client ID: API client ID from Yubico</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120226T162521Z" changeid="xavier">
<seg>Identifiant client de l'API : identifiant client de l'API obtenu auprès de Yubico</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>ldapBindDN: LDAP user.</seg>
@ -11184,14 +11168,6 @@ portalSkin = dark</seg>
<seg>Le menu est affiché si l'authentification est réussie.</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>uid: coudot</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120226T163046Z" changeid="xavier">
<seg>uid: coudot</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>This part is based on SimpleSAMLPHP documentation.</seg>
@ -11304,14 +11280,6 @@ portalSkin = dark</seg>
<seg>Si non, aller dans le manager et déclarer le manager comme un nouvel hôte virtuel, par exemple manager.example.com.</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>Then, go in Yubikey parameters:</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120226T162410Z" changeid="xavier">
<seg>Ensuite, aller dans les paramètres Yubikey:</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg># Internal call to FastCGI server</seg>
@ -12386,14 +12354,6 @@ portalSkin = dark</seg>
<seg>Identifiant CAS : la clef de session à utiliser pour compléter le login (valeur transmise au clients CAS).</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>API secret key: API secret key from Yubico</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120226T162610Z" changeid="xavier">
<seg>Clef secrète de l'API : clef secrète de l'API obtenue auprès de Yubico</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>Display Name: should be displayed on IDP, this is often your society name</seg>
@ -13158,14 +13118,6 @@ sub function1 {</seg>
<seg>Rejeu de formulaires</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>In Manager, go in General Parameters &gt; Authentication modules and choose Yubikey for authentication module.</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120226T162359Z" changeid="xavier">
<seg>Dans le manager, allez dans Paramètres generaux &gt; Modules d'authentification et choisissez Yubikey comme module d'authentication.</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>Can be overridden by an LDAP URI in server host.</seg>
@ -19056,14 +19008,6 @@ $lemonldap_config = Array(</seg>
<seg>_url</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>OTP public ID part size: Part of Yubikey OTP that will be used as the media identifier (default: 12)</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120226T162843Z" changeid="xavier">
<seg>Taille de la partie publique de l'OTP : Partie du mot-de-passe unique Yubikey utilisée pour identifier les matériels (défaut: 12)</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>applications:obm_logo.png</seg>
@ -27020,14 +26964,6 @@ CUSTOM_FUNCTIONS_FILE=/root/SSOExtensions.pm</seg>
<seg>http://httpd.apache.org/docs/2.2/mod/mod_ssl.html</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>For example it can be stored as a second value of the uid attribute in the LDAP directory:</seg>
</tuv>
<tuv lang="FR-FR" changedate="20160301T054824Z" changeid="xavier">
<seg>Par exemple il peut être stocké comme seconde valeur de l'attibut uid dans un annuaire LDAP :</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>Map the container port 80 to host port 80 (option -p)</seg>

View File

@ -2170,14 +2170,6 @@ apachectl restart</seg>
<bpt i='5' x='5'>&lt;s5&gt;</bpt><bpt i='6' x='6'>&lt;s6&gt;</bpt>&lt;/EntityDescriptor<bpt i='7' x='7'>&lt;s7&gt;</bpt>&gt;<ept i='7'>&lt;/s7&gt;</ept><ept i='6'>&lt;/s6&gt;</ept><ept i='5'>&lt;/s5&gt;</ept></seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>uid: 123456789012</seg>
</tuv>
<tuv xml:lang="FR-FR" changedate="20120226T163048Z" changeid="xavier">
<seg>uid: 123456789012</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg><bpt i='0' x='0'>&lt;s0&gt;</bpt><bpt i='1' x='1'>&lt;a1&gt;</bpt>URL<ept i='1'>&lt;/a1&gt;</ept> parameter<ept i='0'>&lt;/s0&gt;</ept>: parameter name used to set choice value (default: <bpt i='2' x='2'>&lt;c2&gt;</bpt>lmAuth<ept i='2'>&lt;/c2&gt;</ept>)</seg>
@ -2286,14 +2278,6 @@ make debian-packages</seg>
<seg>L'<bpt i='0' x='0'>&lt;a0&gt;</bpt>URI<ept i='0'>&lt;/a0&gt;</ept> de la page qui contient le formulaire</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg><bpt i='0' x='0'>&lt;s0&gt;</bpt><bpt i='1' x='1'>&lt;a1&gt;</bpt>API<ept i='1'>&lt;/a1&gt;</ept> client ID<ept i='0'>&lt;/s0&gt;</ept>: <bpt i='2' x='2'>&lt;a2&gt;</bpt>API<ept i='2'>&lt;/a2&gt;</ept> client ID from Yubico</seg>
</tuv>
<tuv xml:lang="FR-FR" changedate="20120226T162521Z" changeid="xavier">
<seg><bpt i='0' x='0'>&lt;s0&gt;</bpt>Identifiant client de l'<bpt i='1' x='1'>&lt;a1&gt;</bpt>API<ept i='1'>&lt;/a1&gt;</ept><ept i='0'>&lt;/s0&gt;</ept> : identifiant client de l'<bpt i='2' x='2'>&lt;a2&gt;</bpt>API<ept i='2'>&lt;/a2&gt;</ept> obtenu auprès de Yubico</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg><bpt i='0' x='0'>&lt;s0&gt;</bpt>ldapBindDN<ept i='0'>&lt;/s0&gt;</ept>: LDAP user.</seg>
@ -11184,14 +11168,6 @@ openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out ce
<seg>Le menu est affiché si l'authentification est réussie.</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>uid: coudot</seg>
</tuv>
<tuv xml:lang="FR-FR" changedate="20120226T163046Z" changeid="xavier">
<seg>uid: coudot</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>This part is based on <bpt i='0' x='0'>&lt;a0&gt;</bpt>SimpleSAMLPHP documentation<ept i='0'>&lt;/a0&gt;</ept>.</seg>
@ -11304,14 +11280,6 @@ openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out ce
<seg>Si non, aller dans le manager et déclarer le manager comme un nouvel <bpt i='0' x='0'>&lt;a0&gt;</bpt>hôte virtuel<ept i='0'>&lt;/a0&gt;</ept>, par exemple <bpt i='1' x='1'>&lt;c1&gt;</bpt>manager.example.com<ept i='1'>&lt;/c1&gt;</ept>.</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>Then, go in <bpt i='0' x='0'>&lt;c0&gt;</bpt>Yubikey parameters<ept i='0'>&lt;/c0&gt;</ept>:</seg>
</tuv>
<tuv xml:lang="FR-FR" changedate="20120226T162410Z" changeid="xavier">
<seg>Ensuite, aller dans les <bpt i='0' x='0'>&lt;c0&gt;</bpt>paramètres Yubikey<ept i='0'>&lt;/c0&gt;</ept>:</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg># Internal call to FastCGI server</seg>
@ -12386,14 +12354,6 @@ openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out ce
<seg><bpt i='0' x='0'>&lt;s0&gt;</bpt>Identifiant <bpt i='1' x='1'>&lt;a1&gt;</bpt>CAS<ept i='1'>&lt;/a1&gt;</ept><ept i='0'>&lt;/s0&gt;</ept> : la clef de session à utiliser pour compléter le login (valeur transmise au clients <bpt i='2' x='2'>&lt;a2&gt;</bpt>CAS<ept i='2'>&lt;/a2&gt;</ept>).</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg><bpt i='0' x='0'>&lt;s0&gt;</bpt><bpt i='1' x='1'>&lt;a1&gt;</bpt>API<ept i='1'>&lt;/a1&gt;</ept> secret key<ept i='0'>&lt;/s0&gt;</ept>: <bpt i='2' x='2'>&lt;a2&gt;</bpt>API<ept i='2'>&lt;/a2&gt;</ept> secret key from Yubico</seg>
</tuv>
<tuv xml:lang="FR-FR" changedate="20120226T162610Z" changeid="xavier">
<seg><bpt i='0' x='0'>&lt;s0&gt;</bpt>Clef secrète de l'<bpt i='1' x='1'>&lt;a1&gt;</bpt>API<ept i='1'>&lt;/a1&gt;</ept><ept i='0'>&lt;/s0&gt;</ept> : clef secrète de l'<bpt i='2' x='2'>&lt;a2&gt;</bpt>API<ept i='2'>&lt;/a2&gt;</ept> obtenue auprès de Yubico</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg><bpt i='0' x='0'>&lt;s0&gt;</bpt>Display Name<ept i='0'>&lt;/s0&gt;</ept>: should be displayed on IDP, this is often your society name</seg>
@ -13158,14 +13118,6 @@ openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out ce
<seg>Rejeu de formulaires</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>In Manager, go in <bpt i='0' x='0'>&lt;c0&gt;</bpt>General Parameters<ept i='0'>&lt;/c0&gt;</ept> &gt; <bpt i='1' x='1'>&lt;c1&gt;</bpt>Authentication modules<ept i='1'>&lt;/c1&gt;</ept> and choose Yubikey for authentication module.</seg>
</tuv>
<tuv xml:lang="FR-FR" changedate="20120226T162359Z" changeid="xavier">
<seg>Dans le manager, allez dans <bpt i='0' x='0'>&lt;c0&gt;</bpt>Paramètres generaux<ept i='0'>&lt;/c0&gt;</ept> &gt; <bpt i='1' x='1'>&lt;c1&gt;</bpt>Modules d'authentification<ept i='1'>&lt;/c1&gt;</ept> et choisissez Yubikey comme module d'authentication.</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>Can be overridden by an LDAP <bpt i='1' x='1'>&lt;a1&gt;</bpt>URI<ept i='1'>&lt;/a1&gt;</ept> in server host.</seg>
@ -19056,14 +19008,6 @@ a2ensite test-apache2.conf</seg>
<seg>_url</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg><bpt i='0' x='0'>&lt;s0&gt;</bpt>OTP public ID part size<ept i='0'>&lt;/s0&gt;</ept>: Part of Yubikey OTP that will be used as the media identifier (default: 12)</seg>
</tuv>
<tuv xml:lang="FR-FR" changedate="20120226T162843Z" changeid="xavier">
<seg><bpt i='0' x='0'>&lt;s0&gt;</bpt>Taille de la partie publique de l'OTP<ept i='0'>&lt;/s0&gt;</ept> : Partie du mot-de-passe unique Yubikey utilisée pour identifier les matériels (défaut: 12)</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>applications:obm_logo.png</seg>
@ -27020,14 +26964,6 @@ CUSTOM_FUNCTIONS_FILE=/root/SSOExtensions.pm</seg>
<seg>http://httpd.apache.org/docs/2.2/mod/mod_ssl.html</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>For example it can be stored as a second value of the uid attribute in the LDAP directory:</seg>
</tuv>
<tuv xml:lang="FR-FR" changedate="20160301T054824Z" changeid="xavier">
<seg>Par exemple il peut être stocké comme seconde valeur de l'attibut uid dans un annuaire LDAP :</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>Map the container port 80 to host port 80 (option -p)</seg>

View File

@ -2170,14 +2170,6 @@ apachectl restart</seg>
&lt;s5&gt;&lt;s6&gt;&lt;/EntityDescriptor&lt;s7&gt;&gt;&lt;/s7&gt;&lt;/s6&gt;&lt;/s5&gt;</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>uid: 123456789012</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120226T163048Z" changeid="xavier">
<seg>uid: 123456789012</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>&lt;s0&gt;&lt;a1&gt;URL&lt;/a1&gt; parameter&lt;/s0&gt;: parameter name used to set choice value (default: &lt;c2&gt;lmAuth&lt;/c2&gt;)</seg>
@ -2286,14 +2278,6 @@ make debian-packages</seg>
<seg>L'&lt;a0&gt;URI&lt;/a0&gt; de la page qui contient le formulaire</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>&lt;s0&gt;&lt;a1&gt;API&lt;/a1&gt; client ID&lt;/s0&gt;: &lt;a2&gt;API&lt;/a2&gt; client ID from Yubico</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120226T162521Z" changeid="xavier">
<seg>&lt;s0&gt;Identifiant client de l'&lt;a1&gt;API&lt;/a1&gt;&lt;/s0&gt; : identifiant client de l'&lt;a2&gt;API&lt;/a2&gt; obtenu auprès de Yubico</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>&lt;s0&gt;ldapBindDN&lt;/s0&gt;: LDAP user.</seg>
@ -11184,14 +11168,6 @@ openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out ce
<seg>Le menu est affiché si l'authentification est réussie.</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>uid: coudot</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120226T163046Z" changeid="xavier">
<seg>uid: coudot</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>This part is based on &lt;a0&gt;SimpleSAMLPHP documentation&lt;/a0&gt;.</seg>
@ -11304,14 +11280,6 @@ openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out ce
<seg>Si non, aller dans le manager et déclarer le manager comme un nouvel &lt;a0&gt;hôte virtuel&lt;/a0&gt;, par exemple &lt;c1&gt;manager.example.com&lt;/c1&gt;.</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>Then, go in &lt;c0&gt;Yubikey parameters&lt;/c0&gt;:</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120226T162410Z" changeid="xavier">
<seg>Ensuite, aller dans les &lt;c0&gt;paramètres Yubikey&lt;/c0&gt;:</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg># Internal call to FastCGI server</seg>
@ -12386,14 +12354,6 @@ openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out ce
<seg>&lt;s0&gt;Identifiant &lt;a1&gt;CAS&lt;/a1&gt;&lt;/s0&gt; : la clef de session à utiliser pour compléter le login (valeur transmise au clients &lt;a2&gt;CAS&lt;/a2&gt;).</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>&lt;s0&gt;&lt;a1&gt;API&lt;/a1&gt; secret key&lt;/s0&gt;: &lt;a2&gt;API&lt;/a2&gt; secret key from Yubico</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120226T162610Z" changeid="xavier">
<seg>&lt;s0&gt;Clef secrète de l'&lt;a1&gt;API&lt;/a1&gt;&lt;/s0&gt; : clef secrète de l'&lt;a2&gt;API&lt;/a2&gt; obtenue auprès de Yubico</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>&lt;s0&gt;Display Name&lt;/s0&gt;: should be displayed on IDP, this is often your society name</seg>
@ -13158,14 +13118,6 @@ openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out ce
<seg>Rejeu de formulaires</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>In Manager, go in &lt;c0&gt;General Parameters&lt;/c0&gt; &gt; &lt;c1&gt;Authentication modules&lt;/c1&gt; and choose Yubikey for authentication module.</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120226T162359Z" changeid="xavier">
<seg>Dans le manager, allez dans &lt;c0&gt;Paramètres generaux&lt;/c0&gt; &gt; &lt;c1&gt;Modules d'authentification&lt;/c1&gt; et choisissez Yubikey comme module d'authentication.</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>Can be overridden by an LDAP &lt;a1&gt;URI&lt;/a1&gt; in server host.</seg>
@ -19056,14 +19008,6 @@ a2ensite test-apache2.conf</seg>
<seg>_url</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>&lt;s0&gt;OTP public ID part size&lt;/s0&gt;: Part of Yubikey OTP that will be used as the media identifier (default: 12)</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120226T162843Z" changeid="xavier">
<seg>&lt;s0&gt;Taille de la partie publique de l'OTP&lt;/s0&gt; : Partie du mot-de-passe unique Yubikey utilisée pour identifier les matériels (défaut: 12)</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>applications:obm_logo.png</seg>
@ -27020,14 +26964,6 @@ CUSTOM_FUNCTIONS_FILE=/root/SSOExtensions.pm</seg>
<seg>http://httpd.apache.org/docs/2.2/mod/mod_ssl.html</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>For example it can be stored as a second value of the uid attribute in the LDAP directory:</seg>
</tuv>
<tuv lang="FR-FR" changedate="20160301T054824Z" changeid="xavier">
<seg>Par exemple il peut être stocké comme seconde valeur de l'attibut uid dans un annuaire LDAP :</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>Map the container port 80 to host port 80 (option -p)</seg>

View File

@ -1,11 +1,11 @@
15/03/18 20:20
20/03/18 19:40
Données du projet
Segments Mots Caractères (sans espaces) Caractères (avec espaces)
Total : 18048 77326 540983 590477
Restants : 10254 40056 312579 333765
Segments uniques : 8895 56396 366854 410516
Segments uniques restants : 5269 27946 202107 221498
Total : 18128 77803 543797 593640
Restants : 10341 40622 315856 337476
Segments uniques : 8934 56748 368796 412764
Segments uniques restants : 5316 28374 204418 224184
Statistiques par fichiers :
@ -73,7 +73,7 @@ pages/documentation/current/authapache.html
pages/documentation/current/authcas.html 76 25 30 15 372 145 260 119 2422 910 1448 677 2682 1007 1666 774
pages/documentation/current/authchoice.html 55 13 30 5 252 37 210 17 1588 316 1228 146 1767 323 1401 153
pages/documentation/current/authcombination.html 187 140 122 112 1019 872 883 810 5963 4986 4832 4444 6768 5692 5587 5137
pages/documentation/current/authcustom.html 26 16 10 10 107 99 83 83 689 619 490 490 756 686 557 557
pages/documentation/current/authcustom.html 27 17 11 11 115 107 91 91 743 673 544 544 817 747 618 618
pages/documentation/current/authdbi.html 179 49 104 35 739 289 615 250 4728 1835 3727 1556 5229 2045 4202 1754
pages/documentation/current/authdemo.html 50 12 22 4 186 39 141 19 1165 304 803 130 1277 314 911 140
pages/documentation/current/authfacebook.html 54 18 29 9 309 104 249 78 1967 669 1440 459 2176 734 1638 520
@ -96,7 +96,7 @@ pages/documentation/current/authslave.html
pages/documentation/current/authssl.html 205 135 132 92 1032 522 847 423 7064 4071 5578 3207 7703 4331 6171 3455
pages/documentation/current/authtwitter.html 44 9 18 3 206 23 132 7 1404 204 786 74 1532 204 886 74
pages/documentation/current/authwebid.html 70 16 30 5 304 45 188 20 2066 460 1247 250 2238 468 1372 256
pages/documentation/current/authyubikey.html 49 13 25 7 247 66 181 50 1570 420 1004 290 1736 457 1146 327
pages/documentation/current/authyubikey.html 15 12 7 6 40 36 21 20 313 291 168 161 321 299 176 169
pages/documentation/current/autosignin.html 25 18 13 12 96 87 72 71 603 543 418 414 659 598 473 469
pages/documentation/current/browseablesessionbackend.html 186 79 132 65 892 372 779 334 5990 2741 5106 2464 6585 2979 5671 2689
pages/documentation/current/captcha.html 25 11 15 5 158 44 137 28 866 291 700 165 985 309 819 183
@ -105,11 +105,11 @@ pages/documentation/current/changeconfbackend.html
pages/documentation/current/configapache.html 34 19 25 13 194 65 173 49 1284 470 1125 339 1390 501 1231 370
pages/documentation/current/configlocation.html 456 253 334 175 2318 915 2025 754 16255 7892 13863 6344 18069 8480 15516 6854
pages/documentation/current/confignginx.html 46 32 24 17 260 193 204 148 1923 1524 1524 1189 2048 1605 1634 1255
pages/documentation/current/configplack.html 51 48 40 39 236 229 206 202 1681 1621 1438 1393 1819 1759 1576 1531
pages/documentation/current/configplack.html 54 51 43 42 247 240 217 213 1765 1705 1522 1477 1904 1844 1661 1616
pages/documentation/current/configvhost.html 248 147 105 60 1000 440 614 232 7971 4616 4339 2261 8686 4861 4789 2386
pages/documentation/current/customfunctions.html 71 41 44 24 372 156 300 114 2599 1232 1999 829 2841 1313 2223 906
pages/documentation/current/customhandlers.html 58 54 42 42 430 419 380 380 2693 2586 2349 2349 2980 2873 2619 2619
pages/documentation/current/devopshandler.html 76 70 39 39 325 305 242 242 2255 2132 1480 1480 2467 2328 1650 1650
pages/documentation/current/devopshandler.html 76 70 38 38 325 305 240 240 2255 2132 1465 1465 2467 2328 1634 1634
pages/documentation/current/docker.html 33 19 19 10 166 80 131 53 1243 711 927 468 1319 733 1003 490
pages/documentation/current/documentation/configuration-ldap.png_documentation_2.0_ldapconfbackend.html 38 34 11 10 87 81 28 26 824 771 333 297 833 780 339 303
pages/documentation/current/documentation/googleapps-menu.png_documentation_2.0_applications_googleapps.html 38 34 8 8 90 84 18 18 838 788 222 222 847 797 224 224
@ -135,7 +135,7 @@ pages/documentation/current/documentation/status_standard.png_documentation_2.0_
pages/documentation/current/error.html 78 17 63 10 517 53 477 34 2942 417 2655 278 3353 436 3060 295
pages/documentation/current/exportedvars.html 75 38 50 23 464 124 412 89 2773 1010 2319 654 3153 1087 2694 731
pages/documentation/current/extendedfunctions.html 204 99 107 38 891 275 666 152 5829 2362 3880 1067 6421 2470 4400 1162
pages/documentation/current/external2f.html 29 25 20 19 220 215 200 199 1222 1184 1065 1055 1396 1358 1239 1229
pages/documentation/current/external2f.html 30 26 21 20 228 223 208 207 1271 1233 1114 1104 1451 1413 1294 1284
pages/documentation/current/fastcgi.html 13 10 5 4 36 31 17 15 258 229 117 103 266 236 125 110
pages/documentation/current/fastcgiserver.html 40 16 23 6 239 36 204 12 1509 344 1222 134 1673 346 1381 134
pages/documentation/current/federationproxy.html 43 28 19 11 180 106 120 66 1387 901 816 479 1490 950 908 528
@ -199,7 +199,7 @@ pages/documentation/current/rbac.html
pages/documentation/current/redirections.html 49 20 30 12 476 213 426 193 2837 1376 2457 1200 3229 1530 2831 1354
pages/documentation/current/register.html 33 27 17 17 193 182 158 158 1049 965 752 752 1194 1106 893 893
pages/documentation/current/resetpassword.html 72 26 46 12 586 182 528 149 3210 1057 2702 734 3678 1188 3161 865
pages/documentation/current/rest2f.html 56 42 21 21 270 237 141 141 1554 1296 743 743 1746 1470 857 857
pages/documentation/current/rest2f.html 57 43 22 22 278 245 149 149 1603 1345 792 792 1801 1525 912 912
pages/documentation/current/restconfbackend.html 40 27 24 16 198 150 157 119 1456 1130 1131 876 1610 1255 1273 993
pages/documentation/current/restservices.html 20 17 7 7 86 81 56 56 566 538 302 302 611 583 347 347
pages/documentation/current/restsessionbackend.html 70 48 36 33 420 363 359 330 2751 2334 2221 1990 3057 2612 2518 2266
@ -219,11 +219,13 @@ pages/documentation/current/soapsessionbackend.html
pages/documentation/current/sqlconfbackend.html 110 88 69 60 416 349 321 269 2740 2403 2049 1796 3016 2637 2287 1993
pages/documentation/current/sqlsessionbackend.html 136 44 62 22 601 197 388 135 4037 1290 2353 784 4368 1415 2630 890
pages/documentation/current/ssocookie.html 60 17 32 4 436 67 364 36 2393 502 1871 238 2740 530 2195 266
pages/documentation/current/start.html 859 550 196 139 2030 1445 890 598 17834 13819 6129 4368 18547 14180 6695 4706
pages/documentation/current/start.html 873 562 203 146 2060 1474 909 617 18131 14108 6275 4514 18851 14476 6849 4860
pages/documentation/current/status.html 62 21 30 7 312 71 248 41 2008 539 1486 300 2182 565 1654 324
pages/documentation/current/totp2f.html 61 56 35 35 383 377 329 329 2423 2378 1899 1899 2710 2665 2182 2182
pages/documentation/current/u2f.html 76 68 33 33 467 452 291 291 3019 2896 1807 1807 3346 3217 2038 2038
pages/documentation/current/totp2f.html 61 56 36 36 395 389 344 344 2437 2392 1955 1955 2744 2699 2258 2258
pages/documentation/current/u2f.html 74 66 33 33 453 438 291 291 2865 2742 1749 1749 3186 3057 1984 1984
pages/documentation/current/upgrade.html 186 162 94 94 1005 956 793 793 6327 5947 4425 4425 7056 6660 5099 5099
pages/documentation/current/utotp2f.html 44 41 20 20 298 294 239 239 1728 1700 1290 1290 1956 1928 1508 1508
pages/documentation/current/variables.html 174 53 95 31 524 136 399 90 3315 1013 2327 607 3640 1072 2626 662
pages/documentation/current/writingrulesand_headers.html 183 105 99 53 916 558 741 443 6016 3895 4348 2666 6668 4285 4968 3046
pages/documentation/current/yamlconfbackend.html 18 14 4 4 76 51 27 27 570 431 191 191 609 450 210 210
pages/documentation/current/yubikey2f.html 52 31 24 15 323 240 206 152 1950 1321 1123 785 2188 1515 1294 920

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=c879427e37ac73de4c6e85bc7f884468" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=0b96dfdde10e54bc7b60aeaed5a35886" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
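Review bot: the only change in this hunk is the `sectok` value in the login link (`?do=login&amp;sectok=…`). That token is DokuWiki's per-session CSRF token, so it is regenerated on every export, means nothing in static HTML, and will re-diff every page each time the documentation is rebuilt; have the exporter drop the login action from the navbar instead of committing the token.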
@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1521141343" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1521571149" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
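Review bot: the `indexer.php?id=…&amp;1521571149` beacon changes only because its cache-buster is the export timestamp, so this hunk is pure churn, and in a static export the beacon is a dead call back to the wiki's indexer that should be removed. The hunk header also shows this file is DokuWiki's "topic doesn't exist yet" stub generated for `documentation:2.0:applications:img:icons.png`, i.e. an image path that some page links to as if it were a wiki page; fix the source link rather than shipping the stub.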

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=c879427e37ac73de4c6e85bc7f884468" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=0b96dfdde10e54bc7b60aeaed5a35886" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1521141343" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1521571149" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
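Review bot: same two problems as the icons.png file above: the `indexer.php` timestamp beacon churns on every export, and the page is a "doesn't exist yet" stub for the image path `applications/img/loader.gif`, which points at a broken link in the wiki source.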

View File

@ -11,7 +11,7 @@
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authcustom"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcustom.html"/>
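Review bot: the `robots` meta flips from `index,follow` to `noindex,nofollow` here and on authyubikey, external2f, rest2f, totp2f and u2f in this commit, while parameterlist and soapsessionbackend flip the other way. DokuWiki emits `noindex,nofollow` for pages modified more recently than its `indexdelay` setting, so this is a side effect of edit timestamps rather than an editorial decision; the exporter should pin the value, otherwise the most recently edited pages drop out of search engines on every release.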
@ -68,8 +68,10 @@
This artifact allows one to define its own modules (authentication, user database, password or register DB).
</p>
<div class="notetip">The developper documentation is available in Portal manpages.
</div><!-- EDIT3 SECTION "Presentation" [117-252] -->
</div>
</div><!-- EDIT3 SECTION "Presentation" [117-331] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
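Review bot: the added `</div>` correctly closes the `notetip` box that was previously left open before the section marker, but the note's text in the context line still reads "The developper documentation is available in Portal manpages"; fix the spelling to "developer" and write "in the Portal manpages" while this paragraph is being touched.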
@ -86,7 +88,7 @@ See portal manpages to see how to write these plugins.
</p>
</div><!-- EDIT4 SECTION "Configuration" [253-] -->
</div><!-- EDIT4 SECTION "Configuration" [332-] -->
</div>
</body>
</html>

View File

@ -11,7 +11,7 @@
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authyubikey"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authyubikey.html"/>
@ -47,68 +47,9 @@
<h1 class="sectionedit1" id="yubikey">Yubikey</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentification </th><th class="col1 centeralign"> Utilisateurs </th><th class="col2 centeralign"> Mot-de-passe </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1"> </td><td class="col2"> </td>
</tr>
</table></div><!-- EDIT2 TABLE [24-81] -->
</div><!-- EDIT1 SECTION "Yubikey" [1-82] -->
<h2 class="sectionedit3" id="presentation">Présentation</h2>
<div class="level2">
<p>
<a href="http://www.yubico.com/yubikey" class="urlextern" title="http://www.yubico.com/yubikey" rel="nofollow">Yubikey</a> est un petit matériel d'authentification vendu par <a href="http://www.yubico.com" class="urlextern" title="http://www.yubico.com" rel="nofollow">Yubico</a>. Il envoie un mot-de-passe à valeur unique (OTP) qui est validé par un serveur Yubico.
</p>
<p>
Le paquet <a href="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" class="urlextern" title="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" rel="nofollow">Auth::Yubikey_WebClient</a> est nécessaire.
</p>
<p>
Un identifiant client et une clef secrète doivent être obtenues auprès de Yubico. Voir la page <a href="https://upgrade.yubico.com/getapikey/" class="urlextern" title="https://upgrade.yubico.com/getapikey/" rel="nofollow">Yubico API</a>.
</p>
<div class="notetip">To use your Yubikeys as “second factor”, use <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">Universal 2nd Factor Authentication (U2F)</a> instead of this module
<div class="noteimportant">This module has been replaced by <a href="yubikey2f.html" class="wikilink1" title="documentation:2.0:yubikey2f">Yubikey Second Factor</a>
</div>
</div><!-- EDIT3 SECTION "Presentation" [83-647] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
Dans le manager, allez dans <code>Paramètres generaux</code> &gt; <code>Modules d'authentification</code> et choisissez Yubikey comme module d'authentication.
</p>
<div class="notetip">Vous pouvez ensuite choisir vos modules d'utilisateurs et de mots-de-passe.
</div>
<p>
Ensuite, aller dans les <code>paramètres Yubikey</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Niveau d'authentification</strong> : niveau d'authentification accordé à ce module.</div>
</li>
<li class="level1"><div class="li"> <strong>Identifiant client de l'<abbr title="Interface de programmation">API</abbr></strong> : identifiant client de l'<abbr title="Interface de programmation">API</abbr> obtenu auprès de Yubico</div>
</li>
<li class="level1"><div class="li"> <strong>Clef secrète de l'<abbr title="Interface de programmation">API</abbr></strong> : clef secrète de l'<abbr title="Interface de programmation">API</abbr> obtenue auprès de Yubico</div>
</li>
<li class="level1"><div class="li"> <strong>Taille de la partie publique de l'OTP</strong> : Partie du mot-de-passe unique Yubikey utilisée pour identifier les matériels (défaut: 12)</div>
</li>
</ul>
<div class="notetip">You have to register the media identifier in your user backend (LDAP or SQL) to match the yubikey with a real user. Par exemple il peut être stocké comme seconde valeur de l'attibut uid dans un annuaire LDAP :<ul>
<li class="level1"><div class="li"> uid: coudot</div>
</li>
<li class="level1"><div class="li"> uid: 123456789012 </div>
</li>
</ul>
</div>
</div><!-- EDIT4 SECTION "Configuration" [648-] -->
</div>
</body>
</html>
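Review bot: the rewrite reduces this page to the "replaced by Yubikey Second Factor" notice, but the removed French text held the operational details an administrator migrating off this module still needs: the API client id and secret obtained from Yubico, the OTP public-part length (default 12), and the convention of storing the 12-character public id as a second `uid` value (`uid: coudot` / `uid: 123456789012`) so that a key maps to a user. Either confirm yubikey2f.html covers all three or link the notice to the section that does, and keep the tip pointing hardware-key users at U2F if it is not retained.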

View File

@ -57,7 +57,9 @@
<h2 class="sectionedit2" id="complete_example">Complete example</h2>
<div class="level2">
<pre class="code :perl"><span class="co1">#!/usr/bin/perl</span>
<dl class="file">
<dt><a href="_export/code/documentation/2.0/configplack/codeblock.0.code" title="Download Snippet" class="mediafile mf_psgi">llapp.psgi</a></dt>
<dd><pre class="code file perl"><span class="co1">#!/usr/bin/perl</span>
&nbsp;
<span class="kw2">use</span> Data<span class="sy0">::</span><span class="me2">Dumper</span><span class="sy0">;</span>
<span class="kw2">use</span> Plack<span class="sy0">::</span><span class="me2">Builder</span><span class="sy0">;</span>
@ -108,6 +110,7 @@ builder <span class="br0">{</span>
mount <span class="st_h">'http://auth.example.com/'</span> <span class="sy0">=&gt;</span> <span class="re0">$portal</span><span class="sy0">;</span>
mount <span class="st_h">'http://manager.example.com/'</span> <span class="sy0">=&gt;</span> <span class="re0">$manager</span><span class="sy0">;</span>
<span class="br0">}</span><span class="sy0">;</span></pre>
</dd></dl>
<p>

View File

@ -11,7 +11,7 @@
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,external2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="external2f.html"/>
@ -84,6 +84,8 @@ All parameters are configured in “General Parameters » Portal Parameters » E
</li>
<li class="level1"><div class="li"> <strong>Authentication Level</strong>: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5</div>
</li>
<li class="level1"><div class="li"> Logo (Optional): logo file <em>(in static/&lt;skin&gt; directory)</em></div>
</li>
</ul>
<div class="noteimportant">The command line is split in an array and launch with exec(). So you don't need to enclose arguments in “” and this protects your system against shell injection. However, you can not use any space except to separate arguments.
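Review bot: the new "Logo (Optional)" item is formatted differently from its siblings, which bold the label (`<strong>Authentication Level</strong>`), and from the same item in rest2f.html, which spells it "(optional)"; use `<strong>Logo</strong> (optional)` in both pages. In the context line below, "split in an array and launch with exec()" should read "split into an array and launched with exec()"; the no-spaces restriction that follows is worth keeping explicit since it is the reason the exec() call is safe from shell injection.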

View File

@ -11,7 +11,7 @@
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,parameterlist"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="parameterlist.html"/>

View File

@ -11,7 +11,7 @@
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,rest2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="rest2f.html"/>
@ -90,9 +90,11 @@ All parameters are configured in “General Parameters » Portal Parameters » S
</li>
<li class="level1"><div class="li"> <strong>Authentication Level</strong>: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5</div>
</li>
<li class="level1"><div class="li"> Logo (optional): logo file <em>(in static/&lt;skin&gt; directory)</em></div>
</li>
</ul>
</div><!-- EDIT2 SECTION "Configuration" [187-837] -->
</div><!-- EDIT2 SECTION "Configuration" [187-901] -->
<h2 class="sectionedit3" id="arguments">Arguments</h2>
<div class="level2">
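Review bot: same style point as in external2f.html: the added "Logo (optional)" item lacks the `<strong>` label every other entry in this list carries, and the two pages disagree on the capitalisation of "optional"; make the two items identical since they document the same parameter.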
@ -105,7 +107,7 @@ Arguments are a list of key/value. Key is the name of JSON entry, value is attri
<div class="noteimportant">For Verify <abbr title="Uniform Resource Locator">URL</abbr>, you should send $code at least
</div>
</div><!-- EDIT3 SECTION "Arguments" [838-1032] -->
</div><!-- EDIT3 SECTION "Arguments" [902-1096] -->
<h2 class="sectionedit4" id="rest_dialog">REST Dialog</h2>
<div class="level2">
@ -127,9 +129,9 @@ REST web services just have to respond with a “result” key in a JSON file. A
<tr class="row2 roweven">
<td class="col0 centeralign"> Verify <abbr title="Uniform Resource Locator">URL</abbr> </td><td class="col1"> JSON file: <code>{“user”:$user,“code”:“$code”,…}</code> </td><td class="col2"> JSON file: <code>{“result”:true/false}</code> </td>
</tr>
</table></div><!-- EDIT5 TABLE [1243-1472] -->
</table></div><!-- EDIT5 TABLE [1307-1536] -->
</div><!-- EDIT4 SECTION "REST Dialog" [1033-] -->
</div><!-- EDIT4 SECTION "REST Dialog" [1097-] -->
</div>
</body>
</html>
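Review bot: the Verify URL example `{“user”:$user,“code”:“$code”,…}` in the context line carries typographic quotes, so it is not valid JSON if copied; in the wiki source protect it with `%%…%%` or a code block so DokuWiki's typography conversion leaves the double quotes alone. While this table is being edited, the page should also say that the verify call sends the one-time `$code` in the request body and that the `{"result":true/false}` answer decides the second factor, so the Verify URL must be HTTPS to an authenticated server; over plain HTTP anyone on the path can both read the code and answer `true`.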

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=c879427e37ac73de4c6e85bc7f884468" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=0b96dfdde10e54bc7b60aeaed5a35886" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1521141362" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1521571168" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
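Review bot: this file is DokuWiki's "topic doesn't exist yet" stub for `documentation:2.0:restserverplugin` (see the hunk header), which means some page in this documentation tree links to `restserverplugin` although the page does not exist; write the page or fix the link. Apart from that, the hunk is the same `sectok` and `indexer.php` timestamp churn as the other stub pages.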

View File

@ -11,7 +11,7 @@
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,soapsessionbackend"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="soapsessionbackend.html"/>

View File

@ -311,7 +311,7 @@
<td class="col0"> <a href="authwebid.html" class="wikilink1" title="documentation:2.0:authwebid">WebID</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td>
</tr>
<tr class="row21 rowodd">
<td class="col0"> <a href="authyubikey.html" class="wikilink1" title="documentation:2.0:authyubikey">Yubikey</a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td>
<td class="col0"> <del><a href="authyubikey.html" class="wikilink1" title="documentation:2.0:authyubikey">Yubikey</a></del> </td><td class="col1 centeralign" colspan="3"> <em>Deprecated, replaced by Yubikey second factor</em> </td>
</tr>
<tr class="row22 roweven">
<td class="col0"> <a href="authcustom.html" class="wikilink1" title="documentation:2.0:authcustom">Custom modules</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td>
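Review bot: the struck-through Yubikey row says "replaced by Yubikey second factor" as plain `<em>` text while every other cell in this table links to its page; link the phrase to `yubikey2f.html` so readers land on the replacement. Since authyubikey.html now carries only the deprecation notice, consider dropping the `<del>` link to it altogether rather than keeping a link to a dead-end page.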
@ -341,24 +341,30 @@
<th class="col0"> Second factor </th><th class="col1 centeralign"> Authentification </th><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row31 rowodd">
<td class="col0"> <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="utotp2f.html" class="wikilink1" title="documentation:2.0:utotp2f">TOTP-or-U2F</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row32 roweven">
<td class="col0"> <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(Google Authenticator,…)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row33 rowodd">
<td class="col0"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External Second Factor</a> <em>(OTP, SMS,…)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(Google Authenticator,…)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row34 roweven">
<td class="col0"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST Second Factor</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External Second Factor</a> <em>(OTP, SMS,…)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row35 rowodd">
<th class="col0"> Auth addons </th><th class="col1 centeralign"> Authentification </th><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST Second Factor</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row36 roweven">
<td class="col0"> <a href="yubikey2f.html" class="wikilink1" title="documentation:2.0:yubikey2f">Yubikey</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row37 rowodd">
<th class="col0"> Auth addons </th><th class="col1 centeralign"> Authentification </th><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row38 roweven">
<td class="col0"> <a href="autosignin.html" class="wikilink1" title="documentation:2.0:autosignin">Auto Signin</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
</table></div><!-- EDIT9 TABLE [2320-4477] -->
</table></div><!-- EDIT9 TABLE [2320-4642] -->
<p>
</p></div></div>
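Review bot: the new `yubikey2f.html` row is labelled just "Yubikey", the same label as the deprecated authentication module row in the table above; call it "Yubikey (OTP)" or "Yubikey second factor" so the two are not confused. The new "TOTP-or-U2F" row would also benefit from a short `<em>` description like its neighbours (TOTP has "Google Authenticator,…", External has "OTP, SMS,…").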
@ -402,13 +408,13 @@
<tr class="row5 rowodd">
<td class="col0"> <a href="issuerdbget.html" class="wikilink1" title="documentation:2.0:issuerdbget">Get parameters provider</a> <em>(for poor applications)</em> </td><td class="col1 leftalign"> </td><td class="col2 centeralign"></td>
</tr>
</table></div><!-- EDIT10 TABLE [4823-5184] -->
</table></div><!-- EDIT10 TABLE [4988-5349] -->
<p>
</p></div></div>
</p>
</div><!-- EDIT8 SECTION "Portal" [1784-5212] -->
</div><!-- EDIT8 SECTION "Portal" [1784-5377] -->
<h3 class="sectionedit11" id="handlers">Handlers</h3>
<div class="level3">
@ -440,7 +446,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
<td class="col0"> <a href="cda.html" class="wikilink1" title="documentation:2.0:cda">CDA</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> For Cross Domain Authentication </td><td class="col5"></td>
</tr>
<tr class="row4 roweven">
<td class="col0"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> Allows application developers to define their rules within the application </td><td class="col5"></td>
<td class="col0"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> <em>(SSOaaS)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> Allows application developers to define their rules within the application </td><td class="col5"></td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> <a href="securetoken.html" class="wikilink1" title="documentation:2.0:securetoken">Secure Token</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> Designed to secure dialog between a LLNG reverse-proxy and a remote app </td><td class="col5"></td>
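Review bot: "SSOaaS" is introduced here (and again in the advanced-features list below) without expansion; the page already uses `<abbr title=…>` for acronyms such as API and URL, so mark it up as `<abbr title="SSO as a Service">SSOaaS</abbr>` at least on first use.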
@ -451,7 +457,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
<tr class="row7 rowodd">
<td class="col0"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra PreAuth</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4 leftalign"> </td>
</tr>
</table></div><!-- EDIT12 TABLE [5451-6284] -->
</table></div><!-- EDIT12 TABLE [5616-6462] -->
<p>
<em>(*): <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> has not yet reached the same level of functionality.</em>
@ -461,7 +467,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
</p></div></div>
</p>
</div><!-- EDIT11 SECTION "Handlers" [5213-6407] -->
</div><!-- EDIT11 SECTION "Handlers" [5378-6585] -->
<h3 class="sectionedit13" id="llng_databases">LLNG databases</h3>
<div class="level3">
@ -507,7 +513,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
<tr class="row7 rowodd">
<td class="col0 centeralign"> <a href="restconfbackend.html" class="wikilink1" title="documentation:2.0:restconfbackend">REST</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> Backend proxy à utiliser avec un autre backend de configuration. <br/><strong>Peut être utilisé pour sécuriser un autre backend</strong> pour des serveurs distants. </td>
</tr>
</table></div><!-- EDIT14 TABLE [6706-7688] -->
</table></div><!-- EDIT14 TABLE [6884-7866] -->
<div class="notetip">On ne peut démarrer avec une configuration vide, il faut donc lire <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">comment changer de backend de configuration</a> pour convertir une configuration existante en une autre.
</div>
<p>
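Review bot: the descriptions in this table ("Backend proxy à utiliser avec un autre backend de configuration…") and the tip under it are in French while the surrounding headings and section ids are English, and the same applies to the "Protection des applications" and "Fonctionnalités avancées" headings further down; translate these spans in the wiki source so the start page reads in one language.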
@ -562,13 +568,13 @@ Les sessions sont stockées en utilisant les modules de la famille <a href="http
<tr class="row8 roweven">
<td class="col0 centeralign"> <a href="soapsessionbackend.html" class="wikilink1" title="documentation:2.0:soapsessionbackend">SOAP</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5 leftalign"> Backend proxy à utiliser avec un autre backend de sessions. <br/> <strong>Peut être utilisé pour sécuriser un autre backend</strong> pour des serveurs distants. </td>
</tr>
</table></div><!-- EDIT15 TABLE [8553-10232] -->
</table></div><!-- EDIT15 TABLE [8731-10410] -->
<p>
</p></div></div>
</p>
</div><!-- EDIT13 SECTION "LLNG databases" [6408-10260] -->
</div><!-- EDIT13 SECTION "LLNG databases" [6586-10438] -->
<h2 class="sectionedit16" id="applications_protection">Protection des applications</h2>
<div class="level2">
@ -597,7 +603,7 @@ Les sessions sont stockées en utilisant les modules de la famille <a href="http
</p></div></div>
</p>
</div><!-- EDIT16 SECTION "Applications protection" [10261-10751] -->
</div><!-- EDIT16 SECTION "Applications protection" [10439-10929] -->
<h3 class="sectionedit17" id="well_known_compatible_applications">Well known compatible applications</h3>
<div class="level3">
@ -696,7 +702,7 @@ Les sessions sont stockées en utilisant les modules de la famille <a href="http
</p></div>
</p>
</div><!-- EDIT17 SECTION "Well known compatible applications" [10752-12965] -->
</div><!-- EDIT17 SECTION "Well known compatible applications" [10930-13143] -->
<h2 class="sectionedit18" id="advanced_features">Fonctionnalités avancées</h2>
<div class="level2">
@ -729,7 +735,7 @@ Les sessions sont stockées en utilisant les modules de la famille <a href="http
</li>
<li class="level1"><div class="li"> <a href="handlerauthbasic.html" class="wikilink1" title="documentation:2.0:handlerauthbasic">Agent AuthBasic</a></div>
</li>
<li class="level1"><div class="li"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps Handler</a></div>
<li class="level1"><div class="li"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps Handler</a> <em>(SSOaaS)</em></div>
</li>
<li class="level1"><div class="li"> <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Handling server webservice calls</a></div>
</li>
@ -749,7 +755,7 @@ Les sessions sont stockées en utilisant les modules de la famille <a href="http
</p></div></div>
</p>
</div><!-- EDIT18 SECTION "Advanced features" [12966-14014] -->
</div><!-- EDIT18 SECTION "Advanced features" [13144-14205] -->
<h2 class="sectionedit19" id="mini_howtos">Mini howtos</h2>
<div class="level2">
@ -780,7 +786,7 @@ Les sessions sont stockées en utilisant les modules de la famille <a href="http
</p></div></div>
</p>
</div><!-- EDIT19 SECTION "Mini howtos" [14015-14684] -->
</div><!-- EDIT19 SECTION "Mini howtos" [14206-14875] -->
<h2 class="sectionedit20" id="exploitation">Exploitation</h2>
<div class="level2">
@ -813,7 +819,7 @@ Les sessions sont stockées en utilisant les modules de la famille <a href="http
</p></div></div>
</p>
</div><!-- EDIT20 SECTION "Exploitation" [14685-15105] -->
</div><!-- EDIT20 SECTION "Exploitation" [14876-15296] -->
<h2 class="sectionedit21" id="bug_report">Bug report</h2>
<div class="level2">
@ -824,7 +830,7 @@ See <a href="bugreport.html" class="wikilink1" title="bugreport">How to report a
</p>
</div><!-- EDIT21 SECTION "Bug report" [15106-15170] -->
</div><!-- EDIT21 SECTION "Bug report" [15297-15361] -->
<h2 class="sectionedit22" id="developer_corner">Developer corner</h2>
<div class="level2">
@ -905,7 +911,7 @@ To translate this doc (Manager help):
</li>
</ul>
</div><!-- EDIT22 SECTION "Developer corner" [15171-] -->
</div><!-- EDIT22 SECTION "Developer corner" [15362-] -->
</div>
</body>
</html>

View File

@ -11,7 +11,7 @@
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,totp2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="totp2f.html"/>
@ -88,7 +88,7 @@ In the manager (advanced parameters), you just have to enable it:
<ul>
<li class="level1"><div class="li"> TOTP ⇒ Activation: set it to “on”</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <a href="https://auth.your.domain/totpregister.html" class="urlextern" title="https://auth.your.domain/totpregister.html" rel="nofollow">https://auth.your.domain/totpregister.html</a>)</em></div>
<li class="level1"><div class="li"> TOTP ⇒ Self registration: set it to “on” if users are authorizated to generate themselves TOTP secret</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Authentication level: you can overwrite here auth level for TOTP registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em>. <strong>It is recommended to set an higher value here if you want to give access to some apps only to users enrolled</strong></div>
</li>
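Review bot: the added self-registration line has a typo, "authorizated" should be "authorized", and "to generate themselves TOTP secret" reads better as "to generate their own TOTP secret". It also drops the hint about creating a menu application pointing to `https://auth.your.domain/totpregister.html`; the Enrollment section still refers to that URL, so keep the hint here or move it there so administrators know how to expose the registration page.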
@ -100,11 +100,15 @@ In the manager (advanced parameters), you just have to enable it:
</li>
<li class="level1"><div class="li"> TOTP ⇒ Digits: number of digit of codes (default: 6)</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Display existing secret: display an already registered secret (default: disabled)</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Change existing secret: authorize a user to change its already registered TOTP secret</div>
</li>
</ul>
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule that <code>$_totp2fSecret</code> is set, else TOTP will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div><!-- EDIT2 SECTION "Configuration" [634-1815] -->
</div><!-- EDIT2 SECTION "Configuration" [634-1941] -->
<h2 class="sectionedit3" id="enrollment">Enrollment</h2>
<div class="level2">
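Review bot: the two new bullets "Display existing secret" and "Change existing secret" should say what a user must present before a secret is shown again or replaced, because a TOTP seed that can be read back from the portal is only as secret as the session that reads it: whoever holds a valid first-factor session can retrieve the seed and enrol their own authenticator, which reduces the second factor to a first-factor check. At minimum the documentation should give the default for "Change existing secret" (only "Display existing secret" states "default: disabled") and recommend leaving display disabled unless there is a concrete need. Minor: "number of digit of codes" in the Digits bullet should be "number of digits in codes".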
@ -114,7 +118,7 @@ In the manager (advanced parameters), you just have to enable it:
If you've enabled self registration, users can get their key using <a href="https://portal/totpregister.html" class="urlextern" title="https://portal/totpregister.html" rel="nofollow">https://portal/totpregister.html</a>
</p>
</div><!-- EDIT3 SECTION "Enrollment" [1816-1940] -->
</div><!-- EDIT3 SECTION "Enrollment" [1942-2066] -->
<h2 class="sectionedit4" id="assistance">Assistance</h2>
<div class="level2">
@ -125,7 +129,7 @@ If a user lost its key, you may remove it's persistent session using the session
</p>
</div><!-- EDIT4 SECTION "Assistance" [1941-2056] -->
</div><!-- EDIT4 SECTION "Assistance" [2067-2182] -->
<h2 class="sectionedit5" id="developer_corner">Developer corner</h2>
<div class="level2">
@ -147,9 +151,9 @@ If you have another TOTP registration interface, you have to populate session (u
<tr class="row2 roweven">
<td class="col0"> _u2fUserKey </td><td class="col1"> user key value, base64 encoded </td>
</tr>
</table></div><!-- EDIT6 TABLE [2212-2330] -->
</table></div><!-- EDIT6 TABLE [2338-2456] -->
</div><!-- EDIT5 SECTION "Developer corner" [2057-] -->
</div><!-- EDIT5 SECTION "Developer corner" [2183-] -->
</div>
</body>
</html>
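Review bot: the table in the TOTP "Developer corner" (the unchanged context lines of this hunk) lists `_u2fUserKey`, "user key value, base64 encoded", which is the U2F session attribute, while the TOTP page's own Configuration note says the attribute that marks an enrolled user is `$_totp2fSecret`. This looks copied from the U2F page, and an integrator with "another TOTP registration interface" who follows it would populate the wrong session key, so the custom activation rule described above would never match. Suggest replacing the row with `_totp2fSecret` and a description of the value it is expected to hold; the `EDIT6 TABLE` offset change in this hunk is fine.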

View File

@ -11,7 +11,7 @@
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,u2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="u2f.html"/>
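Review bot: the `robots` meta on u2f.html flips from `index,follow` to `noindex,nofollow`; the new utotp2f.html and yubikey2f.html exports in this commit carry the same `noindex,nofollow` value, so this reads as a change in the DokuWiki export settings rather than a deliberate de-listing of this one page. Worth confirming, since it hides the U2F documentation from search engines and nothing in the merge explains it.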
@ -97,13 +97,13 @@ This feature uses <a href="https://metacpan.org/pod/Crypt::U2F::Server::Simple"
<p>
In the manager (advanced parameters), you just have to enable it:
In the manager (second factors), you just have to enable it:
</p>
<ul>
<li class="level1"><div class="li"> U2F ⇒ Activation: set it to “on”</div>
</li>
<li class="level1"><div class="li"> U2F ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <a href="https://auth.your.domain/u2fregister.html" class="urlextern" title="https://auth.your.domain/u2fregister.html" rel="nofollow">https://auth.your.domain/u2fregister.html</a>)</em></div>
<li class="level1"><div class="li"> U2F ⇒ Self registration: set it to “on” if users are authorizated to register their keys</div>
</li>
<li class="level1"><div class="li"> U2F ⇒ Authentication level: you can overwrite here auth level for U2F registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em>. <strong>It is recommended to set an higher value here if you want to give access to some apps only to users enrolled</strong></div>
</li>
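Review bot: same typo as on the TOTP page, "authorizated" should be "authorized" in the rewritten "U2F ⇒ Self registration" bullet, and the menu-application hint for https://auth.your.domain/u2fregister.html is dropped in the same way. The lead sentence is updated here from "advanced parameters" to "second factors", but the TOTP hunk above and the new utotp2f.html still say "advanced parameters"; apply the rename consistently so readers look in the right place in the manager.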
@ -111,7 +111,7 @@ In the manager (advanced parameters), you just have to enable it:
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule: <code>$_u2fKeyHandle and $_u2fUserKey</code>, else U2F will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div><!-- EDIT3 SECTION "Configuration" [874-1815] -->
</div><!-- EDIT3 SECTION "Configuration" [874-1733] -->
<h2 class="sectionedit4" id="browser_compatibility">Browser compatibility</h2>
<div class="level2">
@ -122,9 +122,9 @@ In the manager (advanced parameters), you just have to enable it:
<ul>
<li class="level2"><div class="li"> 38 to 56 with <a href="https://addons.mozilla.org/fr/firefox/addon/u2f-support-add-on/" class="urlextern" title="https://addons.mozilla.org/fr/firefox/addon/u2f-support-add-on/" rel="nofollow">U2F Support Add-on</a></div>
</li>
<li class="level2"><div class="li"> 57 to 58, with “security.webauth.u2f” set to “true” in “about:config” <em>(see <a href="https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/" class="urlextern" title="https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/" rel="nofollow">Yubico explanations</a>)</em></div>
<li class="level2"><div class="li"> 57 to 59, with “security.webauth.u2f” set to “true” in “about:config” <em>(see <a href="https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/" class="urlextern" title="https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/" rel="nofollow">Yubico explanations</a>)</em></div>
</li>
<li class="level2"><div class="li"> probably enabled by default for versions &gt;= 59</div>
<li class="level2"><div class="li"> probably enabled by default for versions &gt;= 60</div>
</li>
</ul>
</li>
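Review bot: "probably enabled by default for versions >= 60" is a prediction rather than a tested statement; together with the bump of the `security.webauth.u2f` range from "57 to 58" to "57 to 59", the list now tells Firefox 60 users that U2F works without checking. Suggest either citing the Mozilla release note the expectation is based on or wording it as "check `security.webauth.u2f` in about:config" so that users are not locked out when the preference is still off.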
@ -132,7 +132,7 @@ In the manager (advanced parameters), you just have to enable it:
</li>
</ul>
</div><!-- EDIT4 SECTION "Browser compatibility" [1816-2253] -->
</div><!-- EDIT4 SECTION "Browser compatibility" [1734-2171] -->
<h2 class="sectionedit5" id="enrollment">Enrollment</h2>
<div class="level2">
@ -142,7 +142,7 @@ In the manager (advanced parameters), you just have to enable it:
If you've enabled self registration, users can register their FIDO key using <a href="https://portal/u2fregister.html" class="urlextern" title="https://portal/u2fregister.html" rel="nofollow">https://portal/u2fregister.html</a>
</p>
</div><!-- EDIT5 SECTION "Enrollment" [2254-2387] -->
</div><!-- EDIT5 SECTION "Enrollment" [2172-2305] -->
<h2 class="sectionedit6" id="assistance">Assistance</h2>
<div class="level2">
@ -153,7 +153,7 @@ If a user lost its key, you may remove it's persistent session using the session
</p>
</div><!-- EDIT6 SECTION "Assistance" [2388-2503] -->
</div><!-- EDIT6 SECTION "Assistance" [2306-2421] -->
<h2 class="sectionedit7" id="developer_corner">Developer corner</h2>
<div class="level2">
@ -175,7 +175,7 @@ If you have another U2F registration interface, you have to populate session (us
<tr class="row2 roweven">
<td class="col0"> _u2fUserKey </td><td class="col1"> user key value, base64 encoded </td>
</tr>
</table></div><!-- EDIT8 TABLE [2658-2776] -->
</table></div><!-- EDIT8 TABLE [2576-2694] -->
<p>
@ -183,7 +183,7 @@ Note that both “origin” and “appId” are fixed to portal <abbr title="Uni
</p>
</div><!-- EDIT7 SECTION "Developer corner" [2504-] -->
</div><!-- EDIT7 SECTION "Developer corner" [2422-] -->
</div>
</body>
</html>

View File

@ -0,0 +1,116 @@
<!DOCTYPE html>
<html lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8" />
<title>documentation:2.0:utotp2f</title><!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,utotp2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="utotp2f.html"/>
<link rel="contents" href="utotp2f.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:utotp2f","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script><!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script><!-- //endif --><!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script><!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="u2f-or-totp_2nd_factor_authentication">U2F-or-TOTP 2nd Factor Authentication</h1>
<div class="level1">
<p>
This modules enables simultaneously <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F</a> and <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(like Gitlab)</em>. Users can so use their TOTP instead if they don't have their U2F device.
</p>
<p>
The difference with enabling both U2F and TOTP is that there is only one page displayed instead of displaying first a choice menu.
</p>
<p>
The corresponding registration module authorize U2F registration only if user has already registered a TOTP secret.
</p>
</div><!-- EDIT1 SECTION "U2F-or-TOTP 2nd Factor Authentication" [1-463] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
<p>
In the manager (advanced parameters), you just have to enable it:
</p>
<ul>
<li class="level1"><div class="li"> Activation: set it to “on”. Note that you should not enable directly <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F</a> and <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(except for self-registration: see below)</em></div>
</li>
<li class="level1"><div class="li"> Authentication level: you can overwrite here auth level for registered users. Leave it blank keeps auth level provided by first authentication module (default: 2 for user/password based modules). It is recommended to set an higher value here if you want to give access to some apps only to users enrolled.</div>
</li>
</ul>
<div class="notetip">Every other parameters of <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F</a> and <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> can be set in the corresponding 2F modules except that you should not enable them.
</div><div class="noteimportant">If you want to give a different level for U2F or TOTP, leave this parameter blank and set U2F ant TOTP “authentication level” in corresponding modules.
</div>
</div><!-- EDIT2 SECTION "Configuration" [464-1353] -->
<h3 class="sectionedit3" id="self-registration">Self-registration</h3>
<div class="level3">
<p>
This module has no self-registration. You must use U2F and TOTP self registration modules. Example: suppose you want to authorize U2F registration only if a TOTP secret is registered:
</p>
<ul>
<li class="level1"><div class="li"> TOTP self-registration ⇒ enabled</div>
</li>
<li class="level1"><div class="li"> U2F self-registration ⇒ set to <code>$_totp2fSecret</code></div>
</li>
</ul>
<p>
Automatically, U2F registration will be hidden for unregistered TOTP users and displayed then.
</p>
</div><!-- EDIT3 SECTION "Self-registration" [1354-] -->
</div>
</body>
</html>
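Review bot: the new utotp2f.html declares `lang="fr"` but its body is English, so assistive technology and translation tools get the wrong language; use `lang="en"` (the `<link ...></script>` in the commented-out bootstrap block is harmless but is a copy-paste remnant). Wording in the body: "This modules enables" should be "This module enables"; "Users can so use their TOTP instead" should be "so users can use their TOTP instead"; "The corresponding registration module authorize" should be "authorizes"; "Every other parameters" should be "Every other parameter"; "U2F ant TOTP" should be "U2F and TOTP"; and "In the manager (advanced parameters)" should match the "(second factors)" wording introduced on the U2F page. On substance, the Self-registration section is the only place that explains the ordering that matters for security (U2F registration gated on `$_totp2fSecret`), while the Configuration section says not to enable U2F and TOTP directly and the noteimportant says to set their authentication levels in those same modules; a one-line summary of which settings live where (activation here, everything else in the sub-modules) would prevent a setup that enables both the choice menu and this combined module.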

View File

@ -0,0 +1,126 @@
<!DOCTYPE html>
<html lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8" />
<title>documentation:2.0:yubikey2f</title><!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,yubikey2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="yubikey2f.html"/>
<link rel="contents" href="yubikey2f.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:yubikey2f","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script><!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script><!-- //endif --><!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script><!-- //endif -->
</head>
<body>
<div class="dokuwiki export container"><!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#prerequisites_and_dependencies">Pré-requis et dépendances</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#provisioning">Provisioning</a></div></li>
</ul>
</div>
</div><!-- TOC END -->
<h1 class="sectionedit1" id="yubikey_second_factor">Yubikey Second Factor</h1>
<div class="level1">
<p>
<a href="http://www.yubico.com/yubikey" class="urlextern" title="http://www.yubico.com/yubikey" rel="nofollow">Yubikey</a> est un petit matériel d'authentification vendu par <a href="http://www.yubico.com" class="urlextern" title="http://www.yubico.com" rel="nofollow">Yubico</a>. Il envoie un mot-de-passe à valeur unique (OTP) qui est validé par un serveur Yubico.
</p>
</div><!-- EDIT1 SECTION "Yubikey Second Factor" [1-214] -->
<h2 class="sectionedit2" id="prerequisites_and_dependencies">Pré-requis et dépendances</h2>
<div class="level2">
<p>
Le paquet <a href="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" class="urlextern" title="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" rel="nofollow">Auth::Yubikey_WebClient</a> est nécessaire.
</p>
<p>
Un identifiant client et une clef secrète doivent être obtenues auprès de Yubico. Voir la page <a href="https://upgrade.yubico.com/getapikey/" class="urlextern" title="https://upgrade.yubico.com/getapikey/" rel="nofollow">Yubico API</a>.
</p>
</div><!-- EDIT2 SECTION "Prerequisites and dependencies" [215-483] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
In the manager (second factors), you just have to enable it:
</p>
<ul>
<li class="level1"><div class="li"> Activation: set it to “on”</div>
</li>
<li class="level1"><div class="li"> Self registration: set it to “on” if users are authorizated to register their keys</div>
</li>
<li class="level1"><div class="li"> Authentication level: you can overwrite here auth level for Yubikey registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em>. <strong>It is recommended to set an higher value here if you want to give access to some apps only to users enrolled</strong></div>
</li>
<li class="level1"><div class="li"> Client ID: given by Yubico or another service</div>
</li>
<li class="level1"><div class="li"> <abbr title="Interface de programmation">API</abbr> secret key: given by Yubico or another service</div>
</li>
<li class="level1"><div class="li"> Nonce (optional): if any</div>
</li>
<li class="level1"><div class="li"> <abbr title="Uniform Resource Locator">URL</abbr>: Url of service (leave blank to use Yubico cloud services)</div>
</li>
<li class="level1"><div class="li"> OTP public ID part size: leave it to default (12) unless you know what you are doing</div>
</li>
</ul>
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule: <code>$_yubikeys</code>, else Yubikey will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div><!-- EDIT3 SECTION "Configuration" [484-1599] -->
<h2 class="sectionedit4" id="provisioning">Provisioning</h2>
<div class="level2">
<p>
If you don't want to use self-registration, set public part of user's yubikey <em>(12 first characters)</em> in an attribute mapped to <code>_yubikeys</code>. Multiples values are allowed (space or comma separated).
</p>
</div><!-- EDIT4 SECTION "Provisioning" [1600-] -->
</div>
</body>
</html>
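Review bot: the new yubikey2f.html mixes languages: the TOC entries, the introduction and the "Pré-requis et dépendances" section are French (the section comment says "Prerequisites and dependencies"), while Configuration and Provisioning are English, and the page declares `lang="fr"`. Pick one language for the page (English, to match the rest of the 2.0 documentation) and translate the French paragraphs. Wording: "authorizated" should be "authorized", "Url of service" should be "URL of the service", "Multiples values" should be "Multiple values", and "Nonce (optional): if any" does not say what the nonce is used for. On substance, the Provisioning section correctly restricts `_yubikeys` to the public ID (first 12 characters, matching the default "OTP public ID part size"); the Configuration section should state explicitly that the API secret key is the sensitive value in this configuration and that the per-user attribute holds only the public part, so administrators know what to protect.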