documentation: refactor documentation (refs #5455).
This commit is contained in:
parent
48d0f3237e
commit
becd97ac4c
|
@ -0,0 +1,16 @@
|
|||
.. _admin_access:
|
||||
|
||||
============================================
|
||||
Access the grapical administration interface
|
||||
============================================
|
||||
|
||||
The grapical administration interface is the 'Django admin' part of a Django
|
||||
project. See for more information.
|
||||
|
||||
Just acces the admin url at http[s]://your.domain.com/admin.
|
||||
|
||||
At first you log with the superuser you created at the very first database
|
||||
initialization.
|
||||
|
||||
Then you can configure other accesses to the admin checking the is_staff
|
||||
option displayed on a user in the admin.
|
|
@ -1,8 +1,8 @@
|
|||
.. _administration_with_policies:
|
||||
|
||||
==========================================================
|
||||
How global policies are used in Authentic 2 administration
|
||||
==========================================================
|
||||
==================
|
||||
Work with policies
|
||||
==================
|
||||
|
||||
The policy management with global policies is nearly used for any kind of
|
||||
policy in Authentic 2.
|
||||
|
@ -10,43 +10,28 @@ policy in Authentic 2.
|
|||
For each kind of these policies, the system takes in account two special
|
||||
global policies named 'Default' and 'All':
|
||||
|
||||
* If no other policy applies, the policy 'Default' will apply.
|
||||
|
||||
* A policy can be created and attached to any related object. This policy is authoritative on policy 'Default'.
|
||||
|
||||
* There is always a system default that does not correspond to the 'Default'
|
||||
policy. This is used to make Authentic 2 boot without initial
|
||||
configuration. When you add a 'Default' policy, the system default are not
|
||||
used anymore.
|
||||
* A policy has always a name, 'Default' and 'All' are the names of two special
|
||||
policies with their name hardcoded. But you can create or delete them.
|
||||
* If no other policy applies, the policy 'Default' applies.
|
||||
* A policy can be created and attached to any related object. This policy is
|
||||
authoritative on the policy 'Default'.
|
||||
* If the policy 'All' exists, it is authoritative on any other policy.
|
||||
* The global policies 'All' and 'Default' are created by the administrator if
|
||||
necessary.
|
||||
* A policy is taken in account only if it is enabled.
|
||||
* When a regular policy is associated with an object, it is taken in account
|
||||
only if the option 'enable the following policy' is checked on the oject.
|
||||
|
||||
* The global policies must be created by the administrator if necessary.
|
||||
It is advised to add a 'Default' global policy when it is expected to apply a
|
||||
policy to all related objects. A 'Default' global policy should be defined to
|
||||
avoid misonfiguration.
|
||||
|
||||
**A policy is taken in account only if it is enabled.**
|
||||
Add a regular policy to some objects are used to handle particular
|
||||
configurations for a subset of related objects.
|
||||
|
||||
**When a regular policy is associated with an object, it is taken in account
|
||||
only if the option 'enable the following policy' is checked.**
|
||||
|
||||
::
|
||||
|
||||
def get_sample_policy(any_object):
|
||||
# Look for a global policy 'All'
|
||||
try:
|
||||
return SamplePolicy.objects.get(name='All', enabled=True)
|
||||
except SamplePolicy.DoesNotExist:
|
||||
pass
|
||||
# Look for a regular policy
|
||||
if any_object.enable_following_sample_policy:
|
||||
if any_object.sample_policy:
|
||||
return any_object.sample_policy
|
||||
# Look for a global policy 'Default'
|
||||
try:
|
||||
return SamplePolicy.objects.get(name='Default', enabled=True)
|
||||
except SamplePolicy.DoesNotExist:
|
||||
pass
|
||||
return None
|
||||
|
||||
*It is advised to add a 'Default' global policy when it is expected to apply a
|
||||
policy to all related objects. Add e regular policy to some objects are then
|
||||
used to handle particular configurations.*
|
||||
|
||||
*A 'Default' global policy should be defined to avoid misonfiguration.*
|
||||
|
||||
*A 'All' global policy should be used to enforce a global configuration for
|
||||
all related objects or for testing purposes.*
|
||||
An 'All' global policy should be used to enforce a global configuration for
|
||||
all related objects or for testing purposes.
|
||||
|
|
|
@ -0,0 +1,125 @@
|
|||
.. _advanced:
|
||||
|
||||
===============
|
||||
Advanced topics
|
||||
===============
|
||||
|
||||
|
||||
- :ref:`attributes_in_session`
|
||||
- :ref:`writing_migrations`
|
||||
- :ref:`write_new_kind_policy`
|
||||
|
||||
.. _attributes_in_session:
|
||||
|
||||
Attributes in session pushed by third SAML2 identity providers
|
||||
==============================================================
|
||||
|
||||
When an assertion is received, assertion data, including attributes, are
|
||||
pushed in the Django session dictionnary.
|
||||
|
||||
It leads to the creation of the following dictionnary::
|
||||
|
||||
request.session['multisource_attributes']
|
||||
|
||||
The keys of the dictionnary are the source names, i.e. the entity Id for
|
||||
SAML2 identity providers.
|
||||
|
||||
The values are list of data extracted from assertions. Indeed, this is done
|
||||
to store multiple assertion received from a same source in a same Django
|
||||
session::
|
||||
|
||||
request.session['multisource_attributes'] \
|
||||
[source_name] = list()
|
||||
|
||||
The items of this list are dictionnaries with the keys 'certificate_type' and
|
||||
'attributes'.
|
||||
|
||||
For a saml2 assertion, all the keys are::
|
||||
|
||||
a8n['certificate_type'] = 'SAML2_assertion'
|
||||
a8n['nameid'] = ...
|
||||
a8n['subject_confirmation_method'] = ...
|
||||
a8n['not_before'] = ...
|
||||
a8n['not_on_or_after'] = ...
|
||||
a8n['authn_context'] = ...
|
||||
a8n['authn_instant'] = ...
|
||||
a8n['attributes'] = attrs
|
||||
|
||||
a8n['attributes'] has the following structure::
|
||||
|
||||
attributes = {}
|
||||
attributes[name] = (value1, value2, )
|
||||
attributes[(name, format)] = (value1, value2, )
|
||||
attributes[(name, format, nickname)] = (value1, value2, )
|
||||
a8n['attributes'] = attributes
|
||||
|
||||
.. _writing_migrations:
|
||||
|
||||
Writing migrations
|
||||
==================
|
||||
|
||||
Migration containing reference to the user model must be rewritten manually to
|
||||
refer to the user model name indirectly. The followind modifications must be applied.
|
||||
|
||||
1. First import the `user_model_label` from the `authentic2.compat` module:
|
||||
|
||||
::
|
||||
|
||||
from authentic2.compat import user_model_label
|
||||
|
||||
Any reference to `orm['auth.User']` or `orm['authentic2.User']` must be
|
||||
rewritten into `orm[user_model_label]`. For example this line:::
|
||||
|
||||
('user', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['authentic2.User'])),
|
||||
|
||||
must be changed to:::
|
||||
|
||||
('user', self.gf('django.db.models.fields.related.ForeignKey')(to=orm[user_model_label])),
|
||||
|
||||
2. The user model when appearing in the `models` field like this:
|
||||
|
||||
::
|
||||
|
||||
u'auth.user': {
|
||||
'meta': {'object_name': 'User',
|
||||
|
||||
must be rewritten like that:::
|
||||
|
||||
user_model_label: {
|
||||
'Meta': {'object_name': user_model_label.split('.')[-1]},
|
||||
|
||||
3. If the user model is referred inside the `to` field of a foreign key
|
||||
declaration like this:
|
||||
|
||||
::
|
||||
|
||||
'user': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"})
|
||||
|
||||
must be rewritten like that:::
|
||||
|
||||
'user': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['%s']" user_model_label})
|
||||
|
||||
.. _write_new_kind_policy:
|
||||
|
||||
Add a new kind of administration policy
|
||||
=======================================
|
||||
|
||||
See how policies works :ref:`administration_with_policies`. Then, the bahavior
|
||||
should look like::
|
||||
|
||||
def get_sample_policy(any_object):
|
||||
# Look for a global policy 'All'
|
||||
try:
|
||||
return SamplePolicy.objects.get(name='All', enabled=True)
|
||||
except SamplePolicy.DoesNotExist:
|
||||
pass
|
||||
# Look for a regular policy
|
||||
if any_object.enable_following_sample_policy:
|
||||
if any_object.sample_policy:
|
||||
return any_object.sample_policy
|
||||
# Look for a global policy 'Default'
|
||||
try:
|
||||
return SamplePolicy.objects.get(name='Default', enabled=True)
|
||||
except SamplePolicy.DoesNotExist:
|
||||
pass
|
||||
return None
|
|
@ -36,11 +36,13 @@ Create a SAML2 service provider entry
|
|||
|
||||
.. image:: pictures/new_saml2_sp_1.png
|
||||
:width: 800 px
|
||||
:align: center
|
||||
|
||||
.. image:: pictures/new_saml2_sp_2.png
|
||||
:width: 800 px
|
||||
:align: center
|
||||
|
||||
**The service provider must be enabled.**
|
||||
**Note:** The service provider must be enabled.
|
||||
|
||||
See below about configuring the service provider with policies:
|
||||
|
||||
|
|
|
@ -0,0 +1,88 @@
|
|||
.. _configuration:
|
||||
|
||||
=============
|
||||
Configuration
|
||||
=============
|
||||
|
||||
Configuration with settings
|
||||
===========================
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
settings
|
||||
|
||||
settings_listing
|
||||
|
||||
Configuration with the administration interface
|
||||
===============================================
|
||||
|
||||
Basics
|
||||
------
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
admin_access
|
||||
|
||||
administration_with_policies
|
||||
|
||||
Authentication backends
|
||||
-----------------------
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
auth_ldap
|
||||
|
||||
auth_pam
|
||||
|
||||
SAML2
|
||||
-----
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
where_metadata
|
||||
|
||||
config_saml2_sp
|
||||
|
||||
config_saml2_idp
|
||||
|
||||
saml2_slo
|
||||
|
||||
CAS
|
||||
---
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
config_cas_sp
|
||||
|
||||
Attributes
|
||||
----------
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
attribute_management
|
||||
|
||||
User interfaces and interactions
|
||||
--------------------------------
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
consent_management
|
||||
|
||||
Administration
|
||||
==============
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
translation
|
||||
|
||||
cronjobs
|
||||
|
||||
sync-metadata_script
|
|
@ -0,0 +1,18 @@
|
|||
.. _copyright:
|
||||
|
||||
=========
|
||||
Copyright
|
||||
=========
|
||||
|
||||
Authentic and Authentic 2 are copyrighted by Entr'ouvert and are licensed
|
||||
through the GNU AFFERO GENERAL PUBLIC LICENSE, version 3 or later. A copy of
|
||||
the whole license text is available in the COPYING file.
|
||||
|
||||
The OpenID IdP originates in the project django_openid_provider by Roman
|
||||
Barczyski, which is under the Apache 2.0 licence. This imply that you must
|
||||
distribute authentic2 under the AGPL3 licence when distributing this part of the
|
||||
project which is the only AGPL licence version compatible with the Apache 2.0
|
||||
licence.
|
||||
|
||||
The Documentation is under the licence Creative Commons
|
||||
`CC BY-SA 2.0 <http://creativecommons.org/licenses/by-sa/2.0/>`_.
|
|
@ -0,0 +1,11 @@
|
|||
.. _cronjobs:
|
||||
|
||||
|
||||
Cronjobs and cleaning
|
||||
=====================
|
||||
|
||||
The following cronjob must be run to clean deleted accounts and temporary objects::
|
||||
|
||||
5 0 * * * athentic2-ctl cleanup
|
||||
|
||||
It's made to run every day at 00:05.
|
|
@ -0,0 +1,60 @@
|
|||
.. _deployment:
|
||||
|
||||
==================================================
|
||||
Running Authentic 2 for real (Nginx, Apache, etc.)
|
||||
==================================================
|
||||
|
||||
|
||||
DEBUG Mode by default, static files and the Django debug toolbar dependency ?
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
By default, Authentic 2 is in the DEBUG mode. We made this default choice
|
||||
because most of the Authentic 2's users will begin with Authentic 2 using
|
||||
the Django development server (runserver command) and we want to avoid them
|
||||
a bad first impression because static files would not be served. As a matter
|
||||
of fact, static files are served by the Django development server only when
|
||||
the project is run in the DEBUG mode.
|
||||
|
||||
In the DEBUG mode, the Django debug toolbar is used what adds a dependency.
|
||||
|
||||
In production, the Django development server should not be used to serve
|
||||
Authentic 2 and a dedicated server should also be used to serve the static
|
||||
files.
|
||||
|
||||
Set Authentic into the no DEBUG Mode
|
||||
------------------------------------
|
||||
|
||||
It is enough to edit authentic2/settings.py and set::
|
||||
|
||||
DEBUG = False
|
||||
|
||||
From then on the django-debug-toolbar package is not necessary anymore.
|
||||
|
||||
Use dedicated HTTP servers and serve static files
|
||||
-------------------------------------------------
|
||||
|
||||
The best is to use a server dedicated to serve the Django applications and a
|
||||
different server to serve the static files.
|
||||
|
||||
You could for instance use apache with mod_wsgi to serve Authentic 2. You will
|
||||
find configuration file examples in the debian directory of the Authentic 2
|
||||
sources.
|
||||
|
||||
Then you may want to use nginx to serve the static files.
|
||||
|
||||
First you need to collect the Authentic 2 static files. The static files are
|
||||
collected using the collectstatic command that is configured in the
|
||||
settings.py.
|
||||
|
||||
By default, running collectstatic will create a static directory in the parent
|
||||
directory of the authentic2 directory::
|
||||
|
||||
$python authentic2/manage.py collectstatic
|
||||
|
||||
That static directory will contain all the static files of Authentic 2.
|
||||
|
||||
If you want to change the path of the static directory you can edit
|
||||
STATIC_ROOT of the settings file.
|
||||
|
||||
See https://docs.djangoproject.com/en/dev/ref/contrib/staticfiles/ for more
|
||||
information about collectstatic.
|
73
index.rst
73
index.rst
|
@ -7,83 +7,38 @@
|
|||
Authentic 2's documentation
|
||||
===========================
|
||||
|
||||
Authentic 2 is a versatile identity provider addressing a broad
|
||||
range of needs, from simple to advanced setups, around web authentication,
|
||||
attribute sharing and namespace mapping.
|
||||
Authentic 2 is a versatile identity management server aiming to address a
|
||||
broad range of needs, from simple to complex setups; it has support for many
|
||||
protocols and can bridge between them.
|
||||
|
||||
Authentic 2 supports many protocols and standards, including SAML2, CAS, OpenID,
|
||||
LDAP, X509, OATH, and can bridge between them.
|
||||
LDAP, X509 and OAUTH2.
|
||||
|
||||
Authentic 2 is under the GNU AGPL version 3 licence.
|
||||
|
||||
It has support for SAMLv2 thanks to `Lasso <http://lasso.entrouvert.org>`_,
|
||||
a free (GNU GPL) implementation of the Liberty Alliance and OASIS
|
||||
specifications of SAML2, ID-FF1.2 and ID-WSF2.
|
||||
specifications of SAML2.
|
||||
|
||||
The Documentation is under the licence Creative Commons `CC BY-SA 2.0 <http://creativecommons.org/licenses/by-sa/2.0/>`_.
|
||||
Consult current Authentic 2 activity on the `project site <http://dev.entrouvert.org/projects/authentic>`_
|
||||
|
||||
- `Authentic 2 project site <http://dev.entrouvert.org/projects/authentic>`_
|
||||
- `Authentic 2 roadmap <http://dev.entrouvert.org/projects/authentic/roadmap>`_
|
||||
|
||||
Documentation content
|
||||
=====================
|
||||
If you don't find an explanation, you don't understand it or one is missing,
|
||||
please report it on the list.
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 2
|
||||
:maxdepth: 1
|
||||
|
||||
features
|
||||
overview
|
||||
|
||||
installation
|
||||
|
||||
production
|
||||
configuration
|
||||
|
||||
upgrading
|
||||
advanced
|
||||
|
||||
change_db
|
||||
copyright
|
||||
|
||||
settings
|
||||
|
||||
auth_ldap
|
||||
|
||||
auth_pam
|
||||
|
||||
administration_with_policies
|
||||
|
||||
where_metadata
|
||||
|
||||
config_saml2_sp
|
||||
|
||||
config_saml2_idp
|
||||
|
||||
saml2_slo
|
||||
|
||||
sync-metadata_script
|
||||
|
||||
config_cas_sp
|
||||
|
||||
attribute_management
|
||||
|
||||
attribute_management_explained
|
||||
|
||||
attributes_in_session
|
||||
|
||||
consent_management
|
||||
|
||||
Copyright
|
||||
=========
|
||||
|
||||
Authentic and Authentic 2 are copyrighted by Entr'ouvert and are licensed
|
||||
through the GNU AFFERO GENERAL PUBLIC LICENSE, version 3 or later. A copy of
|
||||
the whole license text is available in the COPYING file.
|
||||
|
||||
The OpenID IdP originates in the project django_openid_provider by Roman
|
||||
Barczyski, which is under the Apache 2.0 licence. This imply that you must
|
||||
distribute authentic2 under the AGPL3 licence when distributing this part of the
|
||||
project which is the only AGPL licence version compatible with the Apache 2.0
|
||||
licence.
|
||||
|
||||
The Documentation is under the licence Creative Commons
|
||||
`CC BY-SA 2.0 <http://creativecommons.org/licenses/by-sa/2.0/>`_.
|
||||
This documentation is under the licence Creative Commons `CC BY-SA 2.0 <http://creativecommons.org/licenses/by-sa/2.0/>`_.
|
||||
|
||||
.. Indices and tables
|
||||
.. ==================
|
||||
|
|
275
installation.rst
275
installation.rst
|
@ -1,261 +1,54 @@
|
|||
.. _installation:
|
||||
|
||||
============
|
||||
Installation
|
||||
============
|
||||
=====================================
|
||||
Installation and quickstart tutorials
|
||||
=====================================
|
||||
|
||||
Authentic 2 installation script handles all the dependencies, except Lasso,
|
||||
relying on the Setuptools and the pypi repository.
|
||||
You'll find here how to start and configure very quickly Authentic 2 for its
|
||||
main features. You just need Python 2.7 and Django 1.5.
|
||||
|
||||
To run Authentic 2 you need to install Lasso >=2.3.6. You can obtain Lasso
|
||||
from:
|
||||
First of all, you can boot Authentic vwithout root
|
||||
privileges like this:
|
||||
|
||||
- From sources: http://lasso.entrouvert.org/download
|
||||
- Debian based distribution: http://deb.entrouvert.org/
|
||||
1. Initialize a virtualenv::
|
||||
|
||||
The other Authentic 2 dependencies are:
|
||||
virtualenv authentic
|
||||
source ./authentic/bin/activate
|
||||
cd authentic
|
||||
|
||||
- django >= 1.3
|
||||
- django-profiles >= 0.2
|
||||
- south >= 0.7.3
|
||||
- django-authopenid >= 0.9.6
|
||||
- django-debug-toolbar >= 0.9.0
|
||||
|
||||
Their management depends on how you install Authentic 2:
|
||||
|
||||
- You can :ref:`install-pypi-ref`
|
||||
- You can :ref:`obtain-pypi-ref`
|
||||
- You can :ref:`obtain-git-ref`
|
||||
|
||||
Lasso installation mock-up
|
||||
--------------------------
|
||||
|
||||
Please see the Lasso website for installation details. This is a quick
|
||||
installation example.
|
||||
|
||||
Install the following Lasso dependencies:
|
||||
|
||||
- autoconf
|
||||
- automake
|
||||
- autotools-dev
|
||||
- libtool
|
||||
- gtk-doc-tools
|
||||
- zlib1g-dev
|
||||
- libglib2.0-dev
|
||||
- openssl-dev
|
||||
- libxml2-dev
|
||||
- libxmlsec1-dev
|
||||
- python2.6-dev
|
||||
- python-setuptools
|
||||
|
||||
Obtain Lasso::
|
||||
|
||||
$wget https://dev.entrouvert.org/lasso/lasso-2.3.6.tar.gz
|
||||
$tar xzvf lasso-2.3.6.tar.gz
|
||||
$cd lasso-2.3.6
|
||||
$./autogen.sh
|
||||
|
||||
Be sure that the Python bindings is selected as follows::
|
||||
|
||||
=============
|
||||
Configuration
|
||||
=============
|
||||
|
||||
Main
|
||||
----
|
||||
|
||||
Compiler: gcc
|
||||
CFLAGS:
|
||||
Install prefix: /usr/local
|
||||
Debugging: no
|
||||
Experimental ID-WSF: no
|
||||
|
||||
Optionals builds
|
||||
----------------
|
||||
|
||||
Available languages: java(4.6.1) python(2.7) perl(5.12.4)
|
||||
|
||||
Java binding: yes
|
||||
Perl binding: yes
|
||||
PHP 5 binding: no
|
||||
Python binding: yes
|
||||
|
||||
C API references: yes
|
||||
Tests suite: no
|
||||
|
||||
|
||||
Now type 'make install' to install lasso.
|
||||
|
||||
As indicated, build and install::
|
||||
|
||||
$make install
|
||||
$ldconfig
|
||||
|
||||
Set the lasso python binding in you python path, e.g.::
|
||||
|
||||
$export PYTHONPATH="$PYTHONPATH:/usr/local/lib/python2.6/site-packages"
|
||||
|
||||
Test trying to import Lasso::
|
||||
|
||||
$python
|
||||
>>> import lasso
|
||||
|
||||
.. _install-pypi-ref:
|
||||
|
||||
Install Authentic directly from pypi
|
||||
------------------------------------
|
||||
|
||||
Using pip::
|
||||
2. Install Authentic::
|
||||
|
||||
pip install authentic2
|
||||
|
||||
or easy_install::
|
||||
3. Initialize the database migrations::
|
||||
|
||||
easy_install authentic2
|
||||
authentic2-ctl syncdb --migrate
|
||||
|
||||
You can now run Authentic from the installation directory, e.g.::
|
||||
4. Run the HTTP test server::
|
||||
|
||||
python /usr/local/lib/python2.6/site-packages/authentic2-x.y.z-py2.6.egg/authentic2/manage.py syncdb --migrate
|
||||
python /usr/local/lib/python2.6/site-packages/authentic2-x.y.z-py2.6.egg/authentic2/manage.py runserver
|
||||
authentic2-ctl runserver
|
||||
|
||||
You should see the following output::
|
||||
Quickstart guides and installation guidelines
|
||||
---------------------------------------------
|
||||
|
||||
Validating models...
|
||||
0 errors found
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
Django version 1.4, using settings 'authentic.settings'
|
||||
Development server is running at http://127.0.0.1:8000/
|
||||
Quit the server with CONTROL-C.
|
||||
|
||||
You can access the running application on http://127.0.0.1:8000/
|
||||
installation_modes
|
||||
change_db
|
||||
upgrading
|
||||
deployment
|
||||
|
||||
.. _obtain-pypi-ref:
|
||||
Quickstarts
|
||||
___________
|
||||
|
||||
Obtain the last package archive from pypi
|
||||
-----------------------------------------
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
Download the archive on http://pypi.python.org/pypi/authentic2/.
|
||||
|
||||
Then, you can install it directly from the archive using pip::
|
||||
|
||||
pip install authentic2-x.z.y.tar.gz
|
||||
|
||||
or easy_install::
|
||||
|
||||
easy_install authentic2-x.z.y.tar.gz
|
||||
|
||||
You can now run Authentic from the installation directory, e.g.::
|
||||
|
||||
python /usr/local/lib/python2.6/site-packages/authentic2-x.y.z-py2.6.egg/authentic2/manage.py syncdb --migrate
|
||||
python /usr/local/lib/python2.6/site-packages/authentic2-x.y.z-py2.6.egg/authentic2/manage.py runserver
|
||||
|
||||
You should see the following output::
|
||||
|
||||
Validating models...
|
||||
0 errors found
|
||||
|
||||
Django version 1.4, using settings 'authentic.settings'
|
||||
Development server is running at http://127.0.0.1:8000/
|
||||
Quit the server with CONTROL-C.
|
||||
|
||||
You can access the running application on http://127.0.0.1:8000/
|
||||
|
||||
You may not want to install the authentic2 package or you may want to manage the dependencies
|
||||
_____________________________________________________________________________________________
|
||||
|
||||
Then, extract the archive::
|
||||
|
||||
tar xzvf authentic2-x.z.y.tar.gz
|
||||
cd authentic2-x.z.y
|
||||
|
||||
You can now install the dependencies by hands or use pypi to install them as
|
||||
follows, either::
|
||||
|
||||
pip install django django-profiles south django-authopenid django-debug-toolbar
|
||||
|
||||
or using the dependencies version requirements::
|
||||
|
||||
python setup.py egg_info
|
||||
pip install -r authentic2.egg-info/requires.txt
|
||||
|
||||
Then run Authentic from the extracted directory::
|
||||
|
||||
python authentic2/manage.py syncdb --migrate
|
||||
python authentic2/manage.py runserver
|
||||
|
||||
You should see the following output::
|
||||
|
||||
Validating models...
|
||||
0 errors found
|
||||
|
||||
Django version 1.4, using settings 'authentic.settings'
|
||||
Development server is running at http://127.0.0.1:8000/
|
||||
Quit the server with CONTROL-C.
|
||||
|
||||
You can access the running application on http://127.0.0.1:8000/
|
||||
|
||||
.. _obtain-git-ref:
|
||||
|
||||
Obtain the last sources from the Git repository
|
||||
-----------------------------------------------
|
||||
|
||||
Clone the repository::
|
||||
|
||||
git clone http://repos.entrouvert.org/authentic.git
|
||||
|
||||
Then, you can install it directly using pip::
|
||||
|
||||
pip install ./authentic
|
||||
|
||||
or easy_install::
|
||||
|
||||
easy_install ./authentic
|
||||
|
||||
You can now run Authentic from the installation directory, e.g.::
|
||||
|
||||
python /usr/local/lib/python2.6/site-packages/authentic2-x.y.z-py2.6.egg/authentic2/manage.py syncdb --migrate
|
||||
python /usr/local/lib/python2.6/site-packages/authentic2-x.y.z-py2.6.egg/authentic2/manage.py runserver
|
||||
|
||||
You should see the following output::
|
||||
|
||||
Validating models...
|
||||
0 errors found
|
||||
|
||||
Django version 1.4, using settings 'authentic.settings'
|
||||
Development server is running at http://127.0.0.1:8000/
|
||||
Quit the server with CONTROL-C.
|
||||
|
||||
You can access the running application on http://127.0.0.1:8000/
|
||||
|
||||
You may not want to install the authentic2 package or you may want to manage the dependencies
|
||||
_____________________________________________________________________________________________
|
||||
|
||||
Then, extract the archive::
|
||||
|
||||
cd authentic
|
||||
|
||||
You can now install the dependencies by hands or use pypi to install them as
|
||||
follows, either::
|
||||
|
||||
pip install django django-profiles south django-authopenid django-debug-toolbar
|
||||
|
||||
or using the dependencies version requirements::
|
||||
|
||||
python setup.py egg_info
|
||||
pip install -r authentic2.egg-info/requires.txt
|
||||
|
||||
Then run Authentic::
|
||||
|
||||
python authentic2/manage.py syncdb --migrate
|
||||
python authentic2/manage.py runserver
|
||||
|
||||
You should see the following output::
|
||||
|
||||
Validating models...
|
||||
0 errors found
|
||||
|
||||
Django version 1.4, using settings 'authentic.settings'
|
||||
Development server is running at http://127.0.0.1:8000/
|
||||
Quit the server with CONTROL-C.
|
||||
|
||||
You can access the running application on http://127.0.0.1:8000/
|
||||
quick_oauth2_idp
|
||||
quick_saml2_idp
|
||||
quick_saml2_sp
|
||||
quick_cas_idp
|
||||
quick_ldap_backend
|
||||
quick_pam
|
||||
|
|
|
@ -0,0 +1,205 @@
|
|||
.. _installation_modes:
|
||||
|
||||
==================
|
||||
Installation modes
|
||||
==================
|
||||
|
||||
The current version of Authentic 2 works with Python 2.7 and Django 1.5.
|
||||
|
||||
Authentic 2 python installation script handles all the dependencies,
|
||||
except Lasso, relying on the Setuptools and the pypi repository.
|
||||
|
||||
To run Authentic 2 with SAML2 features, you need to install lasso >= 2.3.6,
|
||||
see :ref:`install-lasso-ref`.
|
||||
|
||||
The other Authentic 2 dependencies are:
|
||||
|
||||
- Django<1.6
|
||||
- south>=0.8.4
|
||||
- requests
|
||||
- django-model-utils
|
||||
- django-registration>=1
|
||||
- django-debug-toolbar>=1.2,<1.3
|
||||
- --allow-external django-admin-tools
|
||||
- --allow-unverified django-admin-tools
|
||||
- django-admin-tools>=0.5.1
|
||||
- dnspython
|
||||
- django-select2
|
||||
- django-tables2
|
||||
- gadjo
|
||||
- django-import-export
|
||||
- django-sekizai
|
||||
|
||||
Install Authentic 2:
|
||||
|
||||
- :ref:`install-pypi-ref`
|
||||
- :ref:`obtain-pypi-ref`
|
||||
- :ref:`obtain-git-ref`
|
||||
|
||||
.. _install-lasso-ref:
|
||||
|
||||
Lasso installation
|
||||
------------------
|
||||
|
||||
Lasso is available in the linux debian destribution repositories. If you are
|
||||
installing Authentic 2 on debian, just execute ::
|
||||
|
||||
apt-get install python-lasso
|
||||
|
||||
You'll find more updated packages on http://deb.entrouvert.org/.
|
||||
|
||||
We also provide rpm packages for redhat, see https://dev.entrouvert.org/redhat/README.
|
||||
|
||||
You can also install lasso from sources http://lasso.entrouvert.org/download
|
||||
|
||||
See the `Lasso website <http://lasso.entrouvert.org>`_ for installation details.
|
||||
This is a quick installation example.
|
||||
|
||||
Install the following Lasso dependencies:
|
||||
|
||||
- autoconf
|
||||
- automake
|
||||
- autotools-dev
|
||||
- libtool
|
||||
- gtk-doc-tools
|
||||
- zlib1g-dev
|
||||
- libglib2.0-dev
|
||||
- openssl-dev
|
||||
- libxml2-dev
|
||||
- libxmlsec1-dev
|
||||
- python2.6-dev
|
||||
- python-setuptools
|
||||
|
||||
Obtain Lasso::
|
||||
|
||||
$wget https://dev.entrouvert.org/lasso/lasso-2.3.6.tar.gz
|
||||
$tar xzvf lasso-2.3.6.tar.gz
|
||||
$cd lasso-2.3.6
|
||||
$./autogen.sh
|
||||
|
||||
Be sure that the Python bindings is selected as follows::
|
||||
|
||||
=============
|
||||
Configuration
|
||||
=============
|
||||
|
||||
Main
|
||||
----
|
||||
|
||||
Compiler: gcc
|
||||
CFLAGS:
|
||||
Install prefix: /usr/local
|
||||
Debugging: no
|
||||
Experimental ID-WSF: no
|
||||
|
||||
Optionals builds
|
||||
----------------
|
||||
|
||||
Available languages: java(4.6.1) python(2.7) perl(5.12.4)
|
||||
|
||||
Java binding: yes
|
||||
Perl binding: yes
|
||||
PHP 5 binding: no
|
||||
Python binding: yes
|
||||
|
||||
C API references: yes
|
||||
Tests suite: no
|
||||
|
||||
|
||||
Now type 'make install' to install lasso.
|
||||
|
||||
As indicated, build and install::
|
||||
|
||||
$make install
|
||||
$ldconfig
|
||||
|
||||
Set the lasso python binding in you python path, e.g.::
|
||||
|
||||
$export PYTHONPATH="$PYTHONPATH:/usr/local/lib/python2.6/site-packages"
|
||||
|
||||
Test trying to import Lasso::
|
||||
|
||||
$python
|
||||
>>> import lasso
|
||||
|
||||
.. _install-pypi-ref:
|
||||
|
||||
Install Authentic directly from pypi
|
||||
------------------------------------
|
||||
|
||||
Using pip::
|
||||
|
||||
pip install authentic2
|
||||
|
||||
You can now run Authentic from the installation directory::
|
||||
|
||||
./authentic2-ctl syncdb --migrate
|
||||
./authentic2-ctl runserver
|
||||
|
||||
You should see the following output::
|
||||
|
||||
Validating models...
|
||||
0 errors found
|
||||
|
||||
Django version 1.5, using settings 'authentic.settings'
|
||||
Development server is running at http://127.0.0.1:8000/
|
||||
Quit the server with CONTROL-C.
|
||||
|
||||
You can access the running application on http://127.0.0.1:8000/
|
||||
|
||||
.. _obtain-pypi-ref:
|
||||
|
||||
Obtain the last package archive from pypi
|
||||
-----------------------------------------
|
||||
|
||||
Download the archive on http://pypi.python.org/pypi/authentic2/.
|
||||
|
||||
Then, you can install it directly from the archive using pip::
|
||||
|
||||
pip install authentic2-x.z.y.tar.gz
|
||||
|
||||
You can now run Authentic from the installation directory, e.g.::
|
||||
|
||||
./authentic2-ctl syncdb --migrate
|
||||
./authentic2-ctl runserver
|
||||
|
||||
You should see the following output::
|
||||
|
||||
Validating models...
|
||||
0 errors found
|
||||
|
||||
Django version 1.5, using settings 'authentic.settings'
|
||||
Development server is running at http://127.0.0.1:8000/
|
||||
Quit the server with CONTROL-C.
|
||||
|
||||
You can access the running application on http://127.0.0.1:8000/
|
||||
|
||||
.. _obtain-git-ref:
|
||||
|
||||
Obtain the last sources from the Git repository
|
||||
-----------------------------------------------
|
||||
|
||||
Clone the repository::
|
||||
|
||||
git clone http://repos.entrouvert.org/authentic.git
|
||||
|
||||
Then, you can install it directly using pip::
|
||||
|
||||
cd authentic
|
||||
pip install -e .
|
||||
|
||||
You can now run Authentic from the installation directory, e.g.::
|
||||
|
||||
./authentic2-ctl syncdb --migrate
|
||||
./authentic2-ctl runserver
|
||||
|
||||
You should see the following output::
|
||||
|
||||
Validating models...
|
||||
0 errors found
|
||||
|
||||
Django version 1.5, using settings 'authentic.settings'
|
||||
Development server is running at http://127.0.0.1:8000/
|
||||
Quit the server with CONTROL-C.
|
||||
|
||||
You can access the running application on http://127.0.0.1:8000/
|
|
@ -0,0 +1,58 @@
|
|||
.. _overview:
|
||||
|
||||
========
|
||||
Overview
|
||||
========
|
||||
|
||||
Authentic 2 is a versatile identity management server aiming to address a
|
||||
broad range of needs, from simple to complex setups; it has support for many
|
||||
protocols and can bridge between them.
|
||||
|
||||
Authentic 2 supports many protocols and standards, including SAML2, CAS, OpenID,
|
||||
LDAP, X509 and OAUTH2.
|
||||
|
||||
Authentic 2 is under the GNU AGPL version 3 licence.
|
||||
|
||||
It has support for SAMLv2 thanks to `Lasso <http://lasso.entrouvert.org>`_,
|
||||
a free (GNU GPL) implementation of the Liberty Alliance and OASIS
|
||||
specifications of SAML2.
|
||||
|
||||
Authentic 2 requires Python 2.7 et Django 1.5.
|
||||
|
||||
Features
|
||||
--------
|
||||
|
||||
* SAML 2.0 Identity and service provider
|
||||
* OpenID 1.0 and 2.0 identity provider
|
||||
* Server CAS 1.0 and 2.0 using a plugin
|
||||
* Standards authentication mechanisms:
|
||||
|
||||
* Login/password through internal directory or LDAP
|
||||
* X509 certificate over SSL/TLS
|
||||
|
||||
* Protocol proxying, for instance between OpenID and SAML
|
||||
* Support of LDAP v2 and v3 directories
|
||||
* Support of the PAM backend
|
||||
* One-time password (OATH and Google-Authenticator) using a plugin
|
||||
* Identity attribute management
|
||||
* Plugin system
|
||||
|
||||
|
||||
Source and issue tracker
|
||||
------------------------
|
||||
|
||||
You can find on the project site authentic.entrouvert.org mainly the issue
|
||||
tracker.
|
||||
|
||||
You can find there a viewer of the git repository or clone it::
|
||||
|
||||
git clone http://repos.entrouvert.org/authentic.git
|
||||
|
||||
Support
|
||||
-------
|
||||
Authentic's developpers and users hangs on the mailing list authentic@listes.entrouvert.com.
|
||||
See archives or register at http://listes.entrouvert.com/info/authentic.
|
||||
|
||||
You can open reports or feature request on http://authentic.entrouvert.org.
|
||||
|
||||
Entr'ouvert also provides a commercial support. For information, visit http://www.entrouvert.com.
|
|
@ -0,0 +1,23 @@
|
|||
.. _quick_cas_idp:
|
||||
|
||||
==================================
|
||||
Quickstart a CAS Identity Provider
|
||||
==================================
|
||||
|
||||
1. Activate CAS IdP support in your local_settings.py::
|
||||
|
||||
IDP_CAS = True
|
||||
|
||||
2. Then create the database table to hold CAS service tickets::
|
||||
|
||||
authentic2-ctl syncdb --all
|
||||
authentic2-ctl migrate --fake
|
||||
|
||||
2. Also configure authentic2 to authenticate against your LDAP directory (see
|
||||
above) if your want your user attributes to be accessible from your service,
|
||||
if it is not necessary you can use the normal relational database storage
|
||||
for you users.
|
||||
|
||||
3. Finally configure your service to point to the CAS endpoint at::
|
||||
|
||||
http[s]://your.domain.com/idp/cas/
|
|
@ -0,0 +1,61 @@
|
|||
.. _quick_ldap_backend:
|
||||
|
||||
======================================
|
||||
Quickstart to connect a LDAP Directory
|
||||
======================================
|
||||
|
||||
Authentic use the module django_auth_ldap to synchronize the Django user tables
|
||||
with an LDAP. For complex use case, we will refer you to the django_auth_ldap
|
||||
documentation, see http://packages.python.org/django-auth-ldap/.
|
||||
|
||||
How to authenticate users against an LDAP server with anonymous binding ?
|
||||
-------------------------------------------------------------------------
|
||||
|
||||
1. Install the django_auth_ldap module for Django, for this you need
|
||||
python-ldap, python-ldap needs python developement headers to be installed
|
||||
but is usually packaged by most distributions::
|
||||
|
||||
pip install django_auth_ldap
|
||||
|
||||
|
||||
2. Configure your local_settings.py file for authenticating against LDAP.
|
||||
The next lines must be added::
|
||||
|
||||
AUTHENTICATION_BACKENDS += ( 'django_auth_ldap.backend.LDAPBackend', )
|
||||
|
||||
import ldap
|
||||
from django_auth_ldap.config import LDAPSearch
|
||||
|
||||
# Here put the LDAP URL of your server
|
||||
AUTH_LDAP_SERVER_URI = 'ldap://ldap.example.com'
|
||||
# Let the bind DN and bind password blank for anonymous binding
|
||||
AUTH_LDAP_BIND_DN = ""
|
||||
AUTH_LDAP_BIND_PASSWORD = ""
|
||||
# Lookup user under the branch o=base and by mathcing their uid against the
|
||||
# received login name
|
||||
AUTH_LDAP_USER_SEARCH = LDAPSearch("o=base",
|
||||
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
|
||||
|
||||
How to allow members of an LDAP group to manage Authentic ?
|
||||
-----------------------------------------------------------
|
||||
|
||||
1. First you must know the objectClass of groups in your LDAP schema, this FAQ
|
||||
will show you the configuration for two usual classes: groupOfNames and
|
||||
groupOfUniqueNames.
|
||||
|
||||
2. Find the relevant groupname. We will say it is: cn=admin,o=mycompany
|
||||
|
||||
3. Add the following lines::
|
||||
|
||||
from django_auth_ldap.config import GroupOfNamesType
|
||||
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
|
||||
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("o=mycompany",
|
||||
ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)")
|
||||
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
|
||||
"is_staff": "cn=admin,o=mycompany"
|
||||
}
|
||||
|
||||
For an objectClass of groupOfUniqueNames you would change the string
|
||||
GroupOfNamesType to GroupOfUniqueNamesType and grouOfNames to
|
||||
groupOfUniqueNames. For more complex cases see the django_auth_ldap
|
||||
documentation.
|
|
@ -0,0 +1,9 @@
|
|||
.. _quick_oauth2_idp:
|
||||
|
||||
======================================
|
||||
Quickstart an OAuth2 Identity Provider
|
||||
======================================
|
||||
|
||||
This section has to be done. If you need it now, say it on the issue tracker :
|
||||
|
||||
https://dev.entrouvert.org/issues/6053
|
|
@ -0,0 +1,26 @@
|
|||
.. _quick_pam:
|
||||
|
||||
=================================
|
||||
Quickstart for PAM Authentication
|
||||
=================================
|
||||
|
||||
This module is copied from https://bitbucket.org/wnielson/django-pam/ by Weston
|
||||
Nielson and the pam ctype module by Chris Atlee http://atlee.ca/software/pam/.
|
||||
|
||||
Add 'authentic2.vendor.dpam.backends.PAMBackend' to your
|
||||
``settings.py``::
|
||||
|
||||
AUTHENTICATION_BACKENDS = (
|
||||
...
|
||||
'authentic2.vendor.dpam.backends.PAMBackend',
|
||||
...
|
||||
)
|
||||
|
||||
Now you can login via the system-login credentials. If the user is
|
||||
successfully authenticated but has never logged-in before, a new ``User``
|
||||
object is created. By default this new ``User`` has both ``is_staff`` and
|
||||
``is_superuser`` set to ``False``. You can change this behavior by adding
|
||||
``PAM_IS_STAFF=True`` and ``PAM_IS_SUPERUSER`` in your ``settings.py`` file.
|
||||
|
||||
The default PAM service used is ``login`` but you can change it by setting the
|
||||
``PAM_SERVICE`` variable in your ``settings.py`` file.
|
|
@ -0,0 +1,9 @@
|
|||
.. _quick_saml2_idp:
|
||||
|
||||
=====================================
|
||||
Quickstart an SAML2 Identity Provider
|
||||
=====================================
|
||||
|
||||
This section has to be done. If you need it now, say it on the issue tracker :
|
||||
|
||||
https://dev.entrouvert.org/issues/6057
|
|
@ -0,0 +1,22 @@
|
|||
.. _quick_saml2_sp:
|
||||
|
||||
=====================================================
|
||||
Quickstart a connection with a SAML2 Service Provider
|
||||
=====================================================
|
||||
|
||||
1. Get the Identity Provider SAML2 metadata file
|
||||
|
||||
::
|
||||
|
||||
http[s]://your.domain.com/idp/saml2/metadata
|
||||
|
||||
2. Configure your service provider with it.
|
||||
|
||||
3. Go to the providers admin panel on
|
||||
|
||||
::
|
||||
|
||||
http[s]://admin/saml/libertyprovider/add/
|
||||
|
||||
There create a new provider using the service provider metadata and enable it
|
||||
as a service provider.
|
120
settings.rst
120
settings.rst
|
@ -1,119 +1,9 @@
|
|||
.. _settings:
|
||||
|
||||
================
|
||||
General settings
|
||||
================
|
||||
===============================
|
||||
Works with authentic 2 settings
|
||||
===============================
|
||||
|
||||
How do I configure the general settings ?
|
||||
=========================================
|
||||
This section has to be done. If you need it now, say it on the issue tracker :
|
||||
|
||||
Edit the file settings.py in the project directory authentic2.
|
||||
|
||||
A settings file is a Python module with module-level variables. So configure
|
||||
general settings is done by modifying those variables and reloading your
|
||||
application server.
|
||||
|
||||
See the django documentation for more details about the settings files
|
||||
management.
|
||||
|
||||
Activate or deactivate debug mode
|
||||
=================================
|
||||
|
||||
Variable: DEBUG
|
||||
|
||||
Values:
|
||||
|
||||
* False: deactivate debug mode
|
||||
* True: activate debug mode
|
||||
|
||||
Manage session cookie duration
|
||||
==============================
|
||||
|
||||
Variable: SESSION_EXPIRE_AT_BROWSER_CLOSE
|
||||
|
||||
Values:
|
||||
|
||||
* False: Cookies are not removed when browser is closed.
|
||||
* True: Cookies are removed when browser is closed.
|
||||
|
||||
Variable: SESSION_COOKIE_AGE
|
||||
|
||||
Value:
|
||||
|
||||
* Seconds (36000 equal 10 hours)
|
||||
|
||||
Time zone selection
|
||||
===================
|
||||
|
||||
Variable: TIME_ZONE
|
||||
|
||||
Values:
|
||||
|
||||
* See http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
|
||||
|
||||
Activate or deactivate SSL authentication
|
||||
=========================================
|
||||
|
||||
Variable: AUTH_SSL
|
||||
|
||||
Values:
|
||||
|
||||
* False: deactivate SSL authentication
|
||||
* True: activate SSL authentication
|
||||
|
||||
Activate or deactivate OpenID authentication, Authentic 2 is an OpenID relying party
|
||||
====================================================================================
|
||||
|
||||
Variable: AUTH_OPENID
|
||||
|
||||
Values:
|
||||
|
||||
* False: deactivate OpenID authentication
|
||||
* True: activate OpenID authentication
|
||||
|
||||
Activate or deactivate Authentic 2 as a SAML2 identity provider
|
||||
===============================================================
|
||||
|
||||
Variable: IDP_SAML2
|
||||
|
||||
Values:
|
||||
|
||||
* False: deactivate SAML2 identity provider
|
||||
* True: activate SAML2 identity provider
|
||||
|
||||
Configure SAML2 keys
|
||||
====================
|
||||
|
||||
* SAML_SIGNATURE_PUBLIC_KEY: Certtificate or public key for signature
|
||||
* SAML_SIGNATURE_PRIVATE_KEY: Private key for signature
|
||||
* SAML_ENCRYPTION_PUBLIC_KEY: Certtificate or public key for encryption
|
||||
* SAML_ENCRYPTION_PRIVATE_KEY: Private key for encryption
|
||||
|
||||
Values are pem files of X509 certificate or key, e.g.:
|
||||
SAML_SIGNATURE_PRIVATE_KEY = '''-----BEGIN RSA PRIVATE KEY-----
|
||||
MII...WA==
|
||||
-----END RSA PRIVATE KEY-----'''
|
||||
|
||||
If SAML_ENCRYPTION_PUBLIC_KEY or SAML_ENCRYPTION_PRIVATE_KEY are not given,
|
||||
the signature keys are used for encryption.
|
||||
|
||||
|
||||
Activate or deactivate Authentic 2 as an OpenID provider
|
||||
========================================================
|
||||
|
||||
Variable: IDP_OPENID
|
||||
|
||||
Values:
|
||||
|
||||
* False: deactivate OpenID provider
|
||||
* True: activate OpenID provider
|
||||
|
||||
Activate or deactivate Authentic 2 as a CAS server
|
||||
==================================================
|
||||
|
||||
Variable: IDP_CAS
|
||||
|
||||
Values:
|
||||
|
||||
* False: deactivate CAS server
|
||||
* True: activate CAS server
|
||||
https://dev.entrouvert.org/issues/6047
|
||||
|
|
|
@ -0,0 +1,107 @@
|
|||
.. _settings_listing:
|
||||
|
||||
============
|
||||
All settings
|
||||
============
|
||||
|
||||
Activate or deactivate debug mode
|
||||
=================================
|
||||
|
||||
Variable: DEBUG
|
||||
|
||||
Values:
|
||||
|
||||
* False: deactivate debug mode
|
||||
* True: activate debug mode
|
||||
|
||||
Manage session cookie duration
|
||||
==============================
|
||||
|
||||
Variable: SESSION_EXPIRE_AT_BROWSER_CLOSE
|
||||
|
||||
Values:
|
||||
|
||||
* False: Cookies are not removed when browser is closed.
|
||||
* True: Cookies are removed when browser is closed.
|
||||
|
||||
Variable: SESSION_COOKIE_AGE
|
||||
|
||||
Value:
|
||||
|
||||
* Seconds (36000 equal 10 hours)
|
||||
|
||||
Time zone selection
|
||||
===================
|
||||
|
||||
Variable: TIME_ZONE
|
||||
|
||||
Values:
|
||||
|
||||
* See http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
|
||||
|
||||
Activate or deactivate SSL authentication
|
||||
=========================================
|
||||
|
||||
Variable: AUTH_SSL
|
||||
|
||||
Values:
|
||||
|
||||
* False: deactivate SSL authentication
|
||||
* True: activate SSL authentication
|
||||
|
||||
Activate or deactivate OpenID authentication, Authentic 2 is an OpenID relying party
|
||||
====================================================================================
|
||||
|
||||
Variable: AUTH_OPENID
|
||||
|
||||
Values:
|
||||
|
||||
* False: deactivate OpenID authentication
|
||||
* True: activate OpenID authentication
|
||||
|
||||
Activate or deactivate Authentic 2 as a SAML2 identity provider
|
||||
===============================================================
|
||||
|
||||
Variable: IDP_SAML2
|
||||
|
||||
Values:
|
||||
|
||||
* False: deactivate SAML2 identity provider
|
||||
* True: activate SAML2 identity provider
|
||||
|
||||
Configure SAML2 keys
|
||||
====================
|
||||
|
||||
* SAML_SIGNATURE_PUBLIC_KEY: Certtificate or public key for signature
|
||||
* SAML_SIGNATURE_PRIVATE_KEY: Private key for signature
|
||||
* SAML_ENCRYPTION_PUBLIC_KEY: Certtificate or public key for encryption
|
||||
* SAML_ENCRYPTION_PRIVATE_KEY: Private key for encryption
|
||||
|
||||
Values are pem files of X509 certificate or key, e.g.:
|
||||
SAML_SIGNATURE_PRIVATE_KEY = '''-----BEGIN RSA PRIVATE KEY-----
|
||||
MII...WA==
|
||||
-----END RSA PRIVATE KEY-----'''
|
||||
|
||||
If SAML_ENCRYPTION_PUBLIC_KEY or SAML_ENCRYPTION_PRIVATE_KEY are not given,
|
||||
the signature keys are used for encryption.
|
||||
|
||||
|
||||
Activate or deactivate Authentic 2 as an OpenID provider
|
||||
========================================================
|
||||
|
||||
Variable: IDP_OPENID
|
||||
|
||||
Values:
|
||||
|
||||
* False: deactivate OpenID provider
|
||||
* True: activate OpenID provider
|
||||
|
||||
Activate or deactivate Authentic 2 as a CAS server
|
||||
==================================================
|
||||
|
||||
Variable: IDP_CAS
|
||||
|
||||
Values:
|
||||
|
||||
* False: deactivate CAS server
|
||||
* True: activate CAS server
|
|
@ -0,0 +1,9 @@
|
|||
.. _translation:
|
||||
|
||||
|
||||
Compiling translations
|
||||
======================
|
||||
|
||||
Translations must compiled to be useful, to do that run the following command::
|
||||
|
||||
./setup.py compile_translations
|
|
@ -4,17 +4,14 @@
|
|||
Upgrading
|
||||
=========
|
||||
|
||||
How to upgrade to a new version of authentic ?
|
||||
----------------------------------------------
|
||||
Update using pip::
|
||||
|
||||
Authentic stores all its data in a relational database as specified in its
|
||||
pip install -U authentic2
|
||||
|
||||
Authentic store all its data in a relational database as specified in its
|
||||
settings.py or local_settings.py file. So in order to upgrade to a new version
|
||||
of authentic you have to update your database schema using the
|
||||
migration command — you will need to have installed the dependency
|
||||
django-south, see the beginning of this README file.::
|
||||
migration command — you will need to have installed the dependency django-south,
|
||||
see the beginning of this README file.::
|
||||
|
||||
python ./manage.py migrate
|
||||
|
||||
Then you will need to create new tables if there are.::
|
||||
|
||||
python ./manage.py syncdb
|
||||
authentic2-ctl syncdb --migrate
|
||||
|
|
Reference in New Issue