Merge branch 'v2.0' into findUser
commit
e1de8e34c2
|
@ -75,6 +75,12 @@ Define here:
|
||||||
$env->{urldc} =~ /test1\.example\.com/
|
$env->{urldc} =~ /test1\.example\.com/
|
||||||
|
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
Federated authentication need pdata cookie.
|
||||||
|
SameSite cookie value must be set to "Lax" or "None".
|
||||||
|
See :doc:`SSO cookie parameters<ssocookie>`
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
Authentication request to an another URL than Portal URL can lead
|
Authentication request to an another URL than Portal URL can lead
|
||||||
|
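Review bot: The added note says SameSite may be "Lax" or "None" but omits the constraint that the SSO cookie parameters text in this same commit states: "None" requires Secured Cookies and HTTPS. Suggest repeating that condition here, since a reader who stops at this note and picks "None" without secured cookies gets no hint as to why federated login fails. The first sentence should also read "Federated authentication needs the pdata cookie".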
@ -100,7 +106,7 @@ Define here:
|
||||||
.. tip::
|
.. tip::
|
||||||
|
|
||||||
You can also override some LLNG parameters for each chain. See
|
You can also override some LLNG parameters for each chain. See
|
||||||
:doc:`Parameter list<parameterlist>` to have the key names to use
|
:doc:`Parameters list<parameterlist>` to have the key names to use
|
||||||
|
|
||||||
.. |image0| image:: /documentation/manager-choice.png
|
.. |image0| image:: /documentation/manager-choice.png
|
||||||
:class: align-center
|
:class: align-center
|
||||||
|
|
|
@ -56,7 +56,7 @@ Google France Connect
|
||||||
|
|
||||||
.. attention::
|
.. attention::
|
||||||
|
|
||||||
OpenID-Connect specification isn't finished for logout
|
OpenID-Connect specification is not finished for logout
|
||||||
propagation. So logout initiated by relaying-party will be forward to
|
propagation. So logout initiated by relaying-party will be forward to
|
||||||
OpenID-Connect provider but logout initiated by the provider (or another
|
OpenID-Connect provider but logout initiated by the provider (or another
|
||||||
RP) will not be propagated. LLNG will implement this when spec will be
|
RP) will not be propagated. LLNG will implement this when spec will be
|
||||||
|
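Review bot: The sentence being reworded still reads "logout initiated by relaying-party will be forward to" on the line right after the changed one. Since this paragraph is being touched anyway, correct it to "relying party" and "will be forwarded to" so the warning about non-propagated logout is unambiguous.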
@ -127,7 +127,9 @@ parameter, for example:
|
||||||
.. attention::
|
.. attention::
|
||||||
|
|
||||||
If you use the :doc:`choice backend<authchoice>`, you
|
If you use the :doc:`choice backend<authchoice>`, you
|
||||||
need to add the choice parameter in redirect URL
|
need to add the choice parameter in redirect URL or
|
||||||
|
set SameSite cookie value to "Lax" or "None".
|
||||||
|
See :doc:`SSO cookie parameters<ssocookie>`
|
||||||
|
|
||||||
After registration, the OP must give you a client ID and a client
|
After registration, the OP must give you a client ID and a client
|
||||||
secret, that will be used to configure the OP in LL::NG.
|
secret, that will be used to configure the OP in LL::NG.
|
||||||
|
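Review bot: The new alternative "set SameSite cookie value to "Lax" or "None"" is presented as equivalent to adding the choice parameter, but the SSO cookie parameters text in this commit says "Lax" is already the default in most cases and that "None" requires Secured Cookies and HTTPS. Suggest wording this as a check that the value has not been changed from those two, and mentioning the secured-cookie requirement for "None", so readers do not relax the cookie policy further than they need to.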
@ -148,6 +150,8 @@ The OP should publish its metadata in a JSON file (see for example
|
||||||
`Google
|
`Google
|
||||||
metadata <https://accounts.google.com/.well-known/openid-configuration>`__).
|
metadata <https://accounts.google.com/.well-known/openid-configuration>`__).
|
||||||
Copy the content of this file in the textarea.
|
Copy the content of this file in the textarea.
|
||||||
|
Portal discovery document can be found here:
|
||||||
|
https://#portal#/.well-known/openid-configuration
|
||||||
|
|
||||||
If no metadata is available, you need to write them in the textarea.
|
If no metadata is available, you need to write them in the textarea.
|
||||||
Mandatory fields are:
|
Mandatory fields are:
|
||||||
|
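Review bot: The two added lines about the portal discovery document sit between "Copy the content of this file in the textarea" and "If no metadata is available", which both refer to the remote OP's metadata. At that position a reader can take https://#portal#/.well-known/openid-configuration to be the document to paste, which would configure the portal's own endpoints as the OP. Suggest moving the sentence out of this step or stating explicitly that it is the LL::NG portal's own document, and marking the URL as a literal so the #portal# placeholder is not rendered as a link.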
@ -217,7 +221,7 @@ Options
|
||||||
- **Client ID**: Client ID given by OP
|
- **Client ID**: Client ID given by OP
|
||||||
- **Client secret**: Client secret given by OP
|
- **Client secret**: Client secret given by OP
|
||||||
- **Store ID token**: Allows one to store the ID token (JWT) inside
|
- **Store ID token**: Allows one to store the ID token (JWT) inside
|
||||||
user session. Don't enable it unless you need to replay this token
|
user session. Do not enable it unless you need to replay this token
|
||||||
on an application, or if you need the id_token_hint parameter when
|
on an application, or if you need the id_token_hint parameter when
|
||||||
using logout.
|
using logout.
|
||||||
|
|
||||||
|
|
|
@ -38,8 +38,8 @@ To edit SSO cookie parameters, go in Manager, ``General Parameters`` >
|
||||||
expiration time and use a session cookie.
|
expiration time and use a session cookie.
|
||||||
- **Cookie SameSite value**: the value of the SameSite cookie attribute. By
|
- **Cookie SameSite value**: the value of the SameSite cookie attribute. By
|
||||||
default, LemonLDAP::NG will set it to "Lax" in most cases, and "None" if you
|
default, LemonLDAP::NG will set it to "Lax" in most cases, and "None" if you
|
||||||
use SAML. Using "None" requres Secured Cookies, and accessing applications
|
use federated authentiication like SAML or OIdC. Using "None" requires Secured Cookies,
|
||||||
over HTTPS on most web browsers.
|
and accessing applications over HTTPS on most web browsers.
|
||||||
|
|
||||||
|
|
||||||
.. danger::
|
.. danger::
|
||||||
|
|
|
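Review bot: The replacement line introduces the typo "authentiication" and the spelling "OIdC", while the other documentation changed in this commit writes "OpenID-Connect". Please fix the typo and use one spelling throughout. The new line is also much longer than the wrapped lines around it and should be rewrapped.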
@ -1912,7 +1912,6 @@ sub sloServer {
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
my $res = $self->p->process($req);
|
my $res = $self->p->process($req);
|
||||||
$self->logger->debug("MAXBES Process retuned $res");
|
|
||||||
|
|
||||||
if ( $res eq PE_REDIRECT ) {
|
if ( $res eq PE_REDIRECT ) {
|
||||||
|
|
||||||
|
|