lemonldap-ng/doc/pages/documentation/current/upgrade.html

<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
  <meta charset="utf-8" />
  <title>documentation:2.0:upgrade</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,upgrade"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="upgrade.html"/>
<link rel="contents" href="upgrade.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:upgrade","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
  <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
  <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>

<ul class="toc">
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#security">Security</a></div></li>
<li class="level1"><div class="li"><a href="#handlers">Handlers</a></div></li>
<li class="level1"><div class="li"><a href="#rules_and_headers">Rules and headers</a></div></li>
<li class="level1"><div class="li"><a href="#supported_servers">Supported servers</a></div></li>
<li class="level1"><div class="li"><a href="#soaprest_services">SOAP/REST services</a></div></li>
<li class="level1"><div class="li"><a href="#developer_corner">Developer corner</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#apis">APIs</a></div></li>
<li class="level2"><div class="li"><a href="#portal_overview">Portal overview</a></div></li>
<li class="level2"><div class="li"><a href="#handler">Handler</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->

<h1 class="sectionedit1" id="upgrade_from_19_to_20">Upgrade from 1.9 to 2.0</h1>
<div class="level1">
<div class="noteimportant">2.0 is a major release, many things have been changed. You must read this document before upgrade.
</div>
</div>
<!-- EDIT1 SECTION "Upgrade from 1.9 to 2.0" [1-162] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> User module in authentication parameters now provides a “Same as authentication” value. You must revalidate it in the manager since all special values must be replaced by this <em>(Multi, Choice, Proxy, Slave, <abbr title="Security Assertion Markup Language">SAML</abbr>, OpenID*,…)</em></div>
</li>
<li class="level1"><div class="li"> <strong>“Multi” doesn&#039;t exist anymore</strong>: it is replaced by the more powerful <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">Combination</a></div>
</li>
</ul>
<div class="notewarning">Apache-ModPerl is no longer usable since version 2.4 <em>(many segfaults,…)</em>. LLNG doesn&#039;t use anymore ModPerl::Registry: all is now handle by FastCGI <em>(portal and manager)</em>.
<p>
<strong>For handlers, it is now recommended to migrate to Nginx</strong>, but Apache-2 is still supported
</p>

</div>
</div>
<!-- EDIT2 SECTION "Configuration" [163-823] -->
<h2 class="sectionedit3" id="security">Security</h2>
<div class="level2">

<p>
LLNG portal now embeds the following features:
</p>
<ul>
<li class="level1"><div class="li"> <a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery" class="urlextern" title="https://en.wikipedia.org/wiki/Cross-site_request_forgery"  rel="nofollow">CSRF</a> protection <em>(Cross-Site Request Forgery)</em>: a token is build for each form. To disable it, set requireToken to 0 <em>(portal security parameters in the manager)</em></div>
</li>
<li class="level1"><div class="li"> <a href="https://en.wikipedia.org/wiki/Content_Security_Policy" class="urlextern" title="https://en.wikipedia.org/wiki/Content_Security_Policy"  rel="nofollow">Content-Security-Policy</a> header: portal build dynamically this header. You can modify default values in the manager <em>(Général parameters » Advanced parameters » Security » Content-Security-Policy)</em></div>
</li>
</ul>

</div>
<!-- EDIT3 SECTION "Security" [824-1391] -->
<h2 class="sectionedit4" id="handlers">Handlers</h2>
<div class="level2">

<p>
Now, <a href="cda.html" class="wikilink1" title="documentation:2.0:cda">CDA</a>, <a href="documentation/latest/applications/zimbra.html" class="wikilink1" title="documentation:latest:applications:zimbra">ZimbraPreAuth</a>, <a href="securetoken.html" class="wikilink1" title="documentation:2.0:securetoken">SecureToken</a> and <a href="handlerauthbasic.html" class="wikilink1" title="documentation:2.0:handlerauthbasic">AuthBasic</a> are <a href="handlerarch.html" class="wikilink1" title="documentation:2.0:handlerarch">Handler Types</a>. So there is no more special file to load: you just have to choose “VirtualHost type” in the manager/VirtualHosts.
</p>

</div>
<!-- EDIT4 SECTION "Handlers" [1392-1740] -->
<h2 class="sectionedit5" id="rules_and_headers">Rules and headers</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> pseudo variable <code>$ip</code> is replaced by <code><a href="extendedfunctions.html#request_information" class="wikilink1" title="documentation:2.0:extendedfunctions">remote_ip()</a></code> function in <a href="writingrulesand_headers.html" class="wikilink1" title="documentation:2.0:writingrulesand_headers">rules and headers</a>. Note that session variable <code>$ipAddr</code> <em>(remote address seen by portal)</em> is still available</div>
</li>
</ul>

</div>
<!-- EDIT5 SECTION "Rules and headers" [1741-2026] -->
<h2 class="sectionedit6" id="supported_servers">Supported servers</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Apache-1.3 files are not provided now. You can build them yourself by looking at Apache-2 configuration files</div>
</li>
</ul>

</div>
<!-- EDIT6 SECTION "Supported servers" [2027-2172] -->
<h2 class="sectionedit7" id="soaprest_services">SOAP/REST services</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> SOAP server activation is now split in 2 parameters (configuration/sessions). You must set them else SOAP service will be disabled</div>
</li>
<li class="level1"><div class="li"> Notifications are now REST/JSON by default. You can force old format in the manager. Note that SOAP proxy has changed: <a href="http://portal/notifications" class="urlextern" title="http://portal/notifications"  rel="nofollow">http://portal/notifications</a> now.</div>
</li>
<li class="level1"><div class="li"> If you use “adminSessions” endpoint with “singleSession*” features, you must upgrade all portals in the same time</div>
</li>
<li class="level1"><div class="li"> SOAP services can be replaced by new REST services</div>
</li>
</ul>
<div class="noteimportant"><a href="handlerauthbasic.html" class="wikilink1" title="documentation:2.0:handlerauthbasic">AuthBasic Handler</a> uses now REST services instead of SOAP.
</div>
</div>
<!-- EDIT7 SECTION "SOAP/REST services" [2173-2771] -->
<h2 class="sectionedit8" id="developer_corner">Developer corner</h2>
<div class="level2">

</div>
<!-- EDIT8 SECTION "Developer corner" [2772-2801] -->
<h3 class="sectionedit9" id="apis">APIs</h3>
<div class="level3">

<p>
Portal has now many REST features and includes a plugin <abbr title="Application Programming Interface">API</abbr>. See Portal manpages to see how to write auth modules, issuers or other feature.
</p>

</div>
<!-- EDIT9 SECTION "APIs" [2802-2959] -->
<h3 class="sectionedit10" id="portal_overview">Portal overview</h3>
<div class="level3">

<p>
Portal is no more a big CGI object. it is written for Plack/PSGI. Little resume
</p>
<pre class="file">Portal object
  |
  +-&gt; auth module
  |
  +-&gt; userDB module
  |
  +-&gt; issuer modules
  |
  +-&gt; other plugins (notification,...)</pre>

<p>
The request is a separated object based on Lemonldap::NG::Portal::Main::Request which inherits from Lemonldap::NG::Common::PSGI::Request which inherits from Plack::Request. See manpages for more.
</p>

</div>
<!-- EDIT10 SECTION "Portal overview" [2960-3407] -->
<h3 class="sectionedit11" id="handler">Handler</h3>
<div class="level3">
<div class="noteimportant">Handler libraries have been totally rewritten. If you&#039;ve made custom handlers, they must be rewritten. See <a href="customhandlers.html" class="wikilink1" title="documentation:2.0:customhandlers">customhandlers</a>
</div>
</div>
<!-- EDIT11 SECTION "Handler" [3408-] --></div>
</body>
</html>