dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
289930e2ad
lemonldap-ng/po-doc/fr/pages/documentation/current/applications/cornerstone.html
Xavier Guimard 43fbe42b7e Update doc
2017-02-22 12:41:23 +00:00

178 lines
9.8 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8" />
<title>documentation:2.0:applications:cornerstone</title><!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,cornerstone"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="cornerstone.html"/>
<link rel="contents" href="cornerstone.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:cornerstone","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script><!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script><!-- //endif --><!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script><!-- //endif -->
</head>
<body>
<div class="dokuwiki export container"><!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Présentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#new_service_provider">Nouveau fournisseur de service</a></div></li>
<li class="level2"><div class="li"><a href="#csod_control_panel">Panneau de configuration CSOD</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#certificate">Certificat</a></div></li>
<li class="level3"><div class="li"><a href="#saml_assertion">Assertion SAML</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div><!-- TOC END -->
<h1 class="sectionedit1" id="cornerstone_on_demand">Cornerstone On Demand</h1>
<div class="level1">
<p>
<a href="csod_logo.png_documentation_2.0_applications_cornerstone.html" class="media" title="applications:csod_logo.png"><img src="csod_logo.png" class="mediacenter" alt="" /></a>
</p>
</div><!-- EDIT1 SECTION "Cornerstone On Demand" [1-73] -->
<h2 class="sectionedit2" id="presentation">Présentation</h2>
<div class="level2">
<p>
<a href="http://www.cornerstoneondemand.com/" class="urlextern" title="http://www.cornerstoneondemand.com/" rel="nofollow">CornerStone On Demand (CSOD)</a> allows one to use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users. Il fonctionne par défaut avec un mécanisme initié par l'IDP mais permet un fonctionnement standard initié par le SP.
</p>
<p>
Pour fonctionner avec <abbr title="LemonLDAP::NG">LL::NG</abbr> il faut :
</p>
<ul>
<li class="level1"><div class="li"> un compte entreprise</div>
</li>
<li class="level1"><div class="li"> <abbr title="LemonLDAP::NG">LL::NG</abbr> configuré comme <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">fournisseur d'identité SAML</a></div>
</li>
<li class="level1"><div class="li"> Enregistrer les utilisateurs dans CSOD avec la même adresse mail que celle utilisée dans <abbr title="LemonLDAP::NG">LL::NG</abbr> (l'adresse mail sera le NameID échangé entre CSOD et <abbr title="LemonLDAP::NG">LL::NG</abbr>)</div>
</li>
</ul>
</div><!-- EDIT2 SECTION "Presentation" [74-578] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div><!-- EDIT3 SECTION "Configuration" [579-605] -->
<h3 class="sectionedit4" id="new_service_provider">Nouveau fournisseur de service</h3>
<div class="level3">
<p>
Il est nécessaire d'avoir configuré <abbr title="LemonLDAP::NG">LL::NG</abbr> comme <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">fournisseur d'identité SAML</a>,
</p>
<p>
Ajouter CSOD comme nouveau fournisseur de service <abbr title="Security Assertion Markup Language">SAML</abbr> :
</p>
<ol>
<li class="level1"><div class="li"> Dans le manager, cliquer sur fournisseurs de service <abbr title="Security Assertion Markup Language">SAML</abbr> puis sur le bouton <code>Nouveau fournisseur de service</code>.</div>
</li>
<li class="level1"><div class="li"> Mettre csod comme nom de fournisseur de service.</div>
</li>
<li class="level1"><div class="li"> Mettre <code>Email</code> dans <code>Options</code> » <code>Réponse d'authentification</code> » <code>Format NameID par défaut</code></div>
</li>
<li class="level1"><div class="li"> Selectionner <code>Metadata</code>, et déprotéger le champ pour y mettre :</div>
</li>
</ol>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;md:EntityDescriptor</span> <span class="re0">entityID</span>=<span class="st0">"mycompanyid.csod.com"</span> <span class="re0">xmlns</span>=<span class="st0">"urn:oasis:names:tc:SAML:2.0:metadata"</span> <span class="re0">xmlns:ds</span>=<span class="st0">"http://www.w3.org/2000/09/xmldsig#"</span> <span class="re0">xmlns:md</span>=<span class="st0">"urn:oasis:names:tc:SAML:2.0:metadata"</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;SPSSODescriptor</span> <span class="re0">protocolSupportEnumeration</span>=<span class="st0">"urn:oasis:names:tc:SAML:2.0:protocol"</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;KeyDescriptor</span> <span class="re0">use</span>=<span class="st0">"signing"</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;ds:KeyInfo</span> <span class="re0">xmlns:ds</span>=<span class="st0">"http://www.w3.org/2000/09/xmldsig#"</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;ds:X509Data<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;ds:X509Certificate<span class="re2">&gt;</span></span></span>
Base64 encoded CSOD certificate
<span class="sc3"><span class="re1">&lt;/ds:X509Certificate<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/ds:X509Data<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/ds:KeyInfo<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/KeyDescriptor<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;AssertionConsumerService</span> <span class="re0">Binding</span>=<span class="st0">"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"</span> <span class="re0">Location</span>=<span class="st0">"https://mycompanyid.csod.com/samldefault.aspx"</span> <span class="re0">index</span>=<span class="st0">"1"</span> <span class="re2">/&gt;</span></span>
<span class="sc3"><span class="re1">&lt;NameIDFormat<span class="re2">&gt;</span></span></span>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress<span class="sc3"><span class="re1">&lt;/NameIDFormat<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/SPSSODescriptor<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/md:EntityDescriptor<span class="re2">&gt;</span></span></span></pre>
<div class="noteimportant">Changer <strong>mycompanyid</strong> (dans <code>AssertionConsumerService</code> markup, parameter <code>Location</code>) avec l'ID CSOD de l'entreprise et mettre la valeur du certificat dans ds:X509Certificate markup
</div>
</div><!-- EDIT4 SECTION "New Service Provider" [606-2120] -->
<h3 class="sectionedit5" id="csod_control_panel">Panneau de configuration CSOD</h3>
<div class="level3">
<p>
CSOD nécessite 2 éléments pour configurer <abbr title="LemonLDAP::NG">LL::NG</abbr> comme IDP :
</p>
<ul>
<li class="level1"><div class="li"> Certificat</div>
</li>
<li class="level1"><div class="li"> Assertion <abbr title="Security Assertion Markup Language">SAML</abbr></div>
</li>
</ul>
</div>
<h4 id="certificate">Certificat</h4>
<div class="level4">
<p>
Voir les <a href="../samlservice.html#security_parameters" class="wikilink1" title="documentation:2.0:samlservice">paramètres de sécurité SAML</a> pour générer un certificat avec une clef privée <abbr title="Security Assertion Markup Language">SAML</abbr>.
</p>
</div>
<h4 id="saml_assertion">Assertion SAML</h4>
<div class="level4">
<p>
Il faut utiliser la fonctionnalité initiée par l'IDP de <abbr title="LemonLDAP::NG">LL::NG</abbr>. Lancer simplement cette <abbr title="Uniform Resource Locator">URL</abbr>:
</p>
<pre class="code">https://auth.example.com/saml/singleSignOn?IDPInitiated=1&amp;sp=mycompanyid.csod.com</pre>
</div><!-- EDIT5 SECTION "CSOD control panel" [2121-] -->
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink