moved part of the documentation from INSTALL to doc/manual.txt.
This commit is contained in:
parent
244c53a6cf
commit
bcfb981810
45
INSTALL
45
INSTALL
|
@ -52,51 +52,6 @@ places for CGI. You can copy them (they are the executables in src/) in your
|
||||||
favourite place. Note that if you want to use HTTP authentication;
|
favourite place. Note that if you want to use HTTP authentication;
|
||||||
``singleSignOn`` should be installed in a different directory.
|
``singleSignOn`` should be installed in a different directory.
|
||||||
|
|
||||||
Apache Configuration
|
|
||||||
====================
|
|
||||||
|
|
||||||
Imagine ``soapEndPoint`` has been installed in ``/usr/lib/cgi-bin/idpc/`` and
|
|
||||||
``singleSignOn`` in ``/usr/lib/cgi-bin/idpc/auth/``. Apache configuration will
|
|
||||||
look as follow::
|
|
||||||
|
|
||||||
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
|
|
||||||
|
|
||||||
<Directory /usr/lib/cgi-bin/>
|
|
||||||
AllowOverride None
|
|
||||||
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
|
||||||
Order allow,deny
|
|
||||||
Allow from all
|
|
||||||
</Directory>
|
|
||||||
|
|
||||||
<Directory /usr/lib/cgi-bin/idpc/auth>
|
|
||||||
AuthType Basic
|
|
||||||
AuthName "IdPc"
|
|
||||||
AuthUserFile /etc/apache/passwd
|
|
||||||
Require valid-user
|
|
||||||
</Directory>
|
|
||||||
|
|
||||||
|
|
||||||
Database configuration
|
|
||||||
======================
|
|
||||||
|
|
||||||
PostgreSQL
|
|
||||||
----------
|
|
||||||
|
|
||||||
.. include:: create-db.sql
|
|
||||||
|
|
||||||
Be sure it is possible to connect using TCP/IP to the database; somethink like
|
|
||||||
the next line will do (you may have to disable ``ident`` authentication first)::
|
|
||||||
|
|
||||||
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
|
|
||||||
host idpc idpc 127.0.0.1 255.255.255.255 password
|
|
||||||
|
|
||||||
|
|
||||||
MySQL
|
|
||||||
-----
|
|
||||||
|
|
||||||
.. note:: Support not yet implemented.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
.. _libxml2: http://www.xmlsoft.org/
|
.. _libxml2: http://www.xmlsoft.org/
|
||||||
.. _neon: http://www.webdav.org/neon/
|
.. _neon: http://www.webdav.org/neon/
|
||||||
|
|
|
@ -57,9 +57,18 @@ dd {
|
||||||
}
|
}
|
||||||
|
|
||||||
table.table {
|
table.table {
|
||||||
margin-top: 1em;
|
margin: 1ex 0;
|
||||||
|
border-spacing: 0px;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
table.table th {
|
||||||
|
padding: 0px 1ex;
|
||||||
|
background: #eef;
|
||||||
|
font-weight: normal;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
table.table td {
|
table.table td {
|
||||||
padding: 0 0.5ex;
|
padding: 0 0.5ex;
|
||||||
}
|
}
|
||||||
|
@ -68,6 +77,7 @@ div.note, div.warning {
|
||||||
padding: 0.3ex;
|
padding: 0.3ex;
|
||||||
padding-left: 60px;
|
padding-left: 60px;
|
||||||
min-height: 50px;
|
min-height: 50px;
|
||||||
|
margin: 1ex 1em;
|
||||||
}
|
}
|
||||||
|
|
||||||
div.note {
|
div.note {
|
||||||
|
|
|
@ -19,12 +19,13 @@ of several CGI C programs.
|
||||||
|
|
||||||
It supports the following IDFF-1.2 profiles:
|
It supports the following IDFF-1.2 profiles:
|
||||||
|
|
||||||
- Single Sign-On and Federation
|
- Single Sign-On and Federation (Liberty Artifact and Liberty-Enabled Client
|
||||||
|
and Proxy)
|
||||||
- Single Logout (SOAP, initiated by SP)
|
- Single Logout (SOAP, initiated by SP)
|
||||||
- Federation Termination
|
- Federation Termination (SOAP, initiated by SP)
|
||||||
- Liberty-Enabled Client and Proxy
|
|
||||||
|
|
||||||
It will implement other core profiles in the future.
|
It will complete existing profiles and implement other core profiles in the
|
||||||
|
future.
|
||||||
|
|
||||||
IdPC can authenticate users through several means including HTTP authentication
|
IdPC can authenticate users through several means including HTTP authentication
|
||||||
and client certificates.
|
and client certificates.
|
||||||
|
@ -141,6 +142,52 @@ Additionally if you have set OCSP options in the configuration file, a OCSP
|
||||||
connection will be made to check certificate validity.
|
connection will be made to check certificate validity.
|
||||||
|
|
||||||
|
|
||||||
|
Apache Configuration
|
||||||
|
====================
|
||||||
|
|
||||||
|
Imagine ``soapEndPoint`` has been installed in ``/usr/lib/cgi-bin/idpc/`` and
|
||||||
|
``singleSignOn`` in ``/usr/lib/cgi-bin/idpc/auth/``. Apache configuration will
|
||||||
|
look as follow::
|
||||||
|
|
||||||
|
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
|
||||||
|
|
||||||
|
<Directory /usr/lib/cgi-bin/>
|
||||||
|
AllowOverride None
|
||||||
|
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
<Directory /usr/lib/cgi-bin/idpc/auth>
|
||||||
|
AuthType Basic
|
||||||
|
AuthName "IdPc"
|
||||||
|
AuthUserFile /etc/apache/passwd
|
||||||
|
Require valid-user
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
|
||||||
|
Database configuration
|
||||||
|
======================
|
||||||
|
|
||||||
|
PostgreSQL
|
||||||
|
----------
|
||||||
|
|
||||||
|
.. include:: ../create-db.sql
|
||||||
|
|
||||||
|
Be sure it is possible to connect using TCP/IP to the database; somethink like
|
||||||
|
the next line will do (you may have to disable ``ident`` authentication first)::
|
||||||
|
|
||||||
|
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
|
||||||
|
host idpc idpc 127.0.0.1 255.255.255.255 password
|
||||||
|
|
||||||
|
|
||||||
|
MySQL
|
||||||
|
-----
|
||||||
|
|
||||||
|
.. note:: Support not yet implemented.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Copyright and License
|
Copyright and License
|
||||||
=====================
|
=====================
|
||||||
|
|
||||||
|
|
|
@ -63,6 +63,15 @@ int federation_termination_http(LassoFederationTermination *termination)
|
||||||
return error_page("save_profile_dumps failed");
|
return error_page("save_profile_dumps failed");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rc = lasso_federation_termination_build_notification_msg(termination);
|
||||||
|
if (rc) {
|
||||||
|
return error_page("build notification msg");
|
||||||
|
}
|
||||||
|
|
||||||
|
/* XXX: redirect to SP return URL */
|
||||||
|
/* missing lasso support; impossible to get return URL */
|
||||||
|
printf("Location: %s\n\nRedirected", "XXX");
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -293,6 +293,7 @@ int single_sign_on()
|
||||||
} else {
|
} else {
|
||||||
/* POST profile (lassoLoginProtocolProfileBrwsPost) */
|
/* POST profile (lassoLoginProtocolProfileBrwsPost) */
|
||||||
/* XXX not supported by Lasso yet */
|
/* XXX not supported by Lasso yet */
|
||||||
|
rc = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
lasso_login_destroy(login);
|
lasso_login_destroy(login);
|
||||||
|
|
Reference in New Issue