diff --git a/doc/Makefile b/doc/Makefile
new file mode 100644
index 0000000..38d841c
--- /dev/null
+++ b/doc/Makefile
@@ -0,0 +1,36 @@
+PANDOC=pandoc
+PANDOCFLAGS=--standalone --smart --toc --number-sections --latex-engine=xelatex --variable geometry=margin=3cm --variable lang=french --variable mainfont=Cantarell --variable fontsize=12pt -c pandoc.css
+SRCS=$(wildcard *.md)
+IMAGES=$(wildcard images/*.png)
+PDFS=$(SRCS:%.md=%.pdf)
+HTMLS=$(SRCS:%.md=%.html)
+TEXS=$(SRCS:%.md=%.tex)
+ALL=$(PDFS) $(HTMLS) index.html
+
+all: $(ALL)
+
+index.html: $(SRCS) index.html.build
+ echo $(IMAGES)
+ sh ./index.html.build > index.html
+
+%.pdf: %.md $(IMAGES) Makefile
+ $(PANDOC) $(PANDOCFLAGS) $< -o $@
+
+%.tex: %.md
+ $(PANDOC) $(PANDOCFLAGS) $< -o $@
+
+%.html: %.md
+ $(PANDOC) $(PANDOCFLAGS) $< -o $@
+
+%.txt: %.md
+ $(PANDOC) $(PANDOCFLAGS) $< -o $@
+
+.PHONY:
+
+tex: $(TEXS)
+
+clean:
+ rm -f index.html $(PDFS) $(HTMLS) $(TEXS) $(SRCS:%.md=%.aux) $(SRCS:%.md=%.log) $(SRCS:%.md=%.out) $(SRCS:%.md=%.toc)
+
+publish: $(ALL)
+ rsync -av * doc.entrouvert.org:/var/vhosts/doc.entrouvert.org/web/supann/
diff --git a/doc/configuration-pfsense.md b/doc/configuration-pfsense.md
new file mode 100644
index 0000000..ccff6b1
--- /dev/null
+++ b/doc/configuration-pfsense.md
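Review bot: The `publish` recipe at the end of the Makefile hunk runs `rsync -av *`, which uploads every file in `doc/` to the public web root rather than only the built documents: the Markdown sources, `Makefile`, `index.html.build` and any leftover `.aux`/`.log` files go with them, and a file whose name begins with `-` would be read by rsync as an option. Name what is published instead, e.g. `rsync -av -- $(ALL) pandoc.css fonts images doc.entrouvert.org:/var/vhosts/doc.entrouvert.org/web/supann/`. Separately, `.PHONY:` is declared with no targets, so a stray file named `all`, `tex`, `clean` or `publish` would silently disable that target; `.PHONY: all tex clean publish` fixes it.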
@@ -0,0 +1,110 @@ +% UAuth: Portail captif dans le Cloud +% Configuration pfSense +% Entr'ouvert SCOP -- http://www.entrouvert.com + +Ce document spécifie les étapes de configuration d'un portail captif pfSense +pour son raccordement à la plateforme U-Auth. + +Configuration d'un portail captif pfSense +========================================= + +Dans le menu __Services/Captive Portal__ + +\ ![images/pfsense_home.png](images/pfsense_home.png) + +ajouter une nouvelle zone: + +\ ![images/pfsense_new_zone.png](images/pfsense_new_zone.png) + + +Configurer la zone ainsi créée: + +1. activer la zone: + +\ ![images/pfsense_activate_zone.png](images/pfsense_activate_zone.png) + + +2. configurer l'URL de redirection vers le page de connexion U-Auth: + +\ ![images/pfsense_config_redirect_url.png](images/pfsense_config_redirect_url.png) + +3. configurer l'authentification Radius: + * protocole d'authentification: PAP + * adresse IP du serveur U-Auth: 176.31.146.80 + * secret partagé: testing123 + +\ ![images/pfsense_radius_config.png](images/pfsense_radius_config.png) + +4. définir un nom local pour le portail captif: + +\ ![images/pfsense_server_name.png](images/pfsense_server_name.png) + +5. desactiver le HTTPS Forwards + +\ ![images/pfsense_disable_https_forwards.png](images/pfsense_disable_https_forwards.png) + +6. personnaliser la page d'authentification du portail captif en chargeant un fichier html contenant obligatoirement la variable `$PORTAL_REDIRURL$`: + +\ ![images/pfsense_portal_page.png](images/pfsense_portal_page.png) + +Example de fichier: + +```html + + + You are being redirected to authentication page + + +

You are being redirected to authentication page

+

If you are not redirected, please + click here

+ + + +``` + +7. Autoriser le portail captif à acceder à U-Auth et les fournisseurs d'identité de la fédération: + +\ ![images/pfsense_allowed_ips.png](images/pfsense_allowed_ips.png) + + +8. Dans le resolver DNS local rajouter le nom et l'adresse locale du portail captif: + +\ ![images/pfsense_dns_resolver.png](images/pfsense_dns_resolver.png) + +\ ![images/pfsense_add_host.png](images/pfsense_add_host.png) + + +Test d'authentification +======================= + +Depuis un poste interne au réseau du portail captif aller sur une page(par exemple http://perdu.com): + +\ ![images/pfsense_test_login1.png](images/pfsense_test_login1.png) + +La page personnalisée, rédirigeant vers U-Auth, sera affichée: + +\ ![images/pfsense_test_redirect.png](images/pfsense_test_redirect.png) + +Si l'accès à la plateforme U-Auth a été bien autorisée au niveau du portail captif, la page de votre organisme avec la liste des fournisseurs d'identité sera affichée: + +\ ![images/uauth.png](images/uauth.png) + +En choisisant un fournisseur d'identité, également autorisé au niveau du portail captif, la mire de connexion est affichée: + +\ ![images/idp_test_renater.png](images/idp_test_renater.png) + +\ ![/idp_psl_dev.png](images/idp_psl_dev.png) + +Une fois authentifié auprès du fournisseur d'identité l'utilisateur est autorisé au niveau du portail captif et est renvoyée vers la page demandée initiallement(dans cet exemple http://perdu.com) + +La session utilisateur sera visible dans le dashboard du portail captif: + +\ ![images/pfsense_dashboard.png](images/pfsense_dashboard.png) + + + diff --git a/doc/fonts/Cantarell-Bold.otf b/doc/fonts/Cantarell-Bold.otf new file mode 100644 index 0000000..3fb64a8 Binary files /dev/null and b/doc/fonts/Cantarell-Bold.otf differ diff --git a/doc/fonts/Cantarell-Regular.otf b/doc/fonts/Cantarell-Regular.otf new file mode 100644 index 0000000..b28baa1 Binary files /dev/null and b/doc/fonts/Cantarell-Regular.otf differ 
diff --git a/doc/fonts/Museo500-Regular.otf b/doc/fonts/Museo500-Regular.otf
new file mode 100644
index 0000000..da52e9c
Binary files /dev/null and b/doc/fonts/Museo500-Regular.otf differ
diff --git a/doc/fonts/Museo_Slab.otf b/doc/fonts/Museo_Slab.otf
new file mode 100644
index 0000000..84ceaca
Binary files /dev/null and b/doc/fonts/Museo_Slab.otf differ
diff --git a/doc/images/idp_psl_dev.png b/doc/images/idp_psl_dev.png
new file mode 100644
index 0000000..bce34d5
Binary files /dev/null and b/doc/images/idp_psl_dev.png differ
diff --git a/doc/images/idp_test_renater.png b/doc/images/idp_test_renater.png
new file mode 100644
index 0000000..5b7e7c4
Binary files /dev/null and b/doc/images/idp_test_renater.png differ
diff --git a/doc/images/pfsense_activate_zone.png b/doc/images/pfsense_activate_zone.png
new file mode 100644
index 0000000..151bd49
Binary files /dev/null and b/doc/images/pfsense_activate_zone.png differ
diff --git a/doc/images/pfsense_add_host.png b/doc/images/pfsense_add_host.png
new file mode 100644
index 0000000..3484b84
Binary files /dev/null and b/doc/images/pfsense_add_host.png differ
diff --git a/doc/images/pfsense_allowed_ips.png b/doc/images/pfsense_allowed_ips.png
new file mode 100644
index 0000000..5eda0fb
Binary files /dev/null and b/doc/images/pfsense_allowed_ips.png differ
diff --git a/doc/images/pfsense_config_redirect_url.png b/doc/images/pfsense_config_redirect_url.png
new file mode 100644
index 0000000..e13c88c
Binary files /dev/null and b/doc/images/pfsense_config_redirect_url.png differ
diff --git a/doc/images/pfsense_dashboard.png b/doc/images/pfsense_dashboard.png
new file mode 100644
index 0000000..0daa428
Binary files /dev/null and b/doc/images/pfsense_dashboard.png differ
diff --git a/doc/images/pfsense_disable_https_forwards.png b/doc/images/pfsense_disable_https_forwards.png
new file mode 100644
index 0000000..b082c2b
Binary files /dev/null and b/doc/images/pfsense_disable_https_forwards.png differ
diff --git a/doc/images/pfsense_dns_resolver.png b/doc/images/pfsense_dns_resolver.png new file mode 100644 index 0000000..203aab8 Binary files /dev/null and b/doc/images/pfsense_dns_resolver.png differ diff --git a/doc/images/pfsense_home.png b/doc/images/pfsense_home.png new file mode 100644 index 0000000..161c796 Binary files /dev/null and b/doc/images/pfsense_home.png differ diff --git a/doc/images/pfsense_new_zone.png b/doc/images/pfsense_new_zone.png new file mode 100644 index 0000000..f29e0a9 Binary files /dev/null and b/doc/images/pfsense_new_zone.png differ diff --git a/doc/images/pfsense_portal_page.png b/doc/images/pfsense_portal_page.png new file mode 100644 index 0000000..ac71fff Binary files /dev/null and b/doc/images/pfsense_portal_page.png differ diff --git a/doc/images/pfsense_radius_config.png b/doc/images/pfsense_radius_config.png new file mode 100644 index 0000000..53548d1 Binary files /dev/null and b/doc/images/pfsense_radius_config.png differ diff --git a/doc/images/pfsense_server_name.png b/doc/images/pfsense_server_name.png new file mode 100644 index 0000000..e75edb7 Binary files /dev/null and b/doc/images/pfsense_server_name.png differ diff --git a/doc/images/pfsense_test_login1.png b/doc/images/pfsense_test_login1.png new file mode 100644 index 0000000..c694272 Binary files /dev/null and b/doc/images/pfsense_test_login1.png differ diff --git a/doc/images/pfsense_test_redirect.png b/doc/images/pfsense_test_redirect.png new file mode 100644 index 0000000..55e1713 Binary files /dev/null and b/doc/images/pfsense_test_redirect.png differ diff --git a/doc/images/uauth.png b/doc/images/uauth.png new file mode 100644 index 0000000..0b5d27b Binary files /dev/null and b/doc/images/uauth.png differ diff --git a/doc/index.html.build b/doc/index.html.build new file mode 100644 index 0000000..ac556a5 --- /dev/null +++ b/doc/index.html.build @@ -0,0 +1,33 @@ +#!/bin/bash + +cat << EOT + + + + +Documentation + + + + + +

+Entr'ouvert Gestion d'identité SUPANN — Documentation

+
+EOT + +for MD in configuration-pfsense.md +do + F=`basename $MD .md` + TITLE=`head -1 $F.md | sed 's/.*-- //'` +cat << EOT +
$TITLE + [PDF]
+

+EOT +done + +cat << EOT + + +EOT diff --git a/doc/pandoc.css b/doc/pandoc.css new file mode 100644 index 0000000..eed1da8 --- /dev/null +++ b/doc/pandoc.css 
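Review bot: `TITLE` in `index.html.build` is built with `head -1 $F.md | sed 's/.*-- //'`, but the first line of `configuration-pfsense.md` in this commit is `% UAuth: Portail captif dans le Cloud`, which contains no `-- `, so the sed leaves it untouched and the index entry will show the leading `% `. If the pandoc title line is what is wanted, strip the marker explicitly: `TITLE=$(head -n 1 "$F.md" | sed 's/^% *//')`. The value then appears to be pasted unescaped into the HTML heredoc, so a title containing `&` or `<` would break the page; the inputs are repository files, so this is a robustness point rather than an injection risk. Also quote `"$MD"` in the `basename` call, and note that the script carries a `#!/bin/bash` shebang while the Makefile runs it with `sh`, so it should either stay free of bashisms or be invoked as `bash ./index.html.build`.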
@@ -0,0 +1,128 @@
+@font-face {
+ font-family: 'Museo500';
+ src: url(fonts/Museo500-Regular.otf);
+ font-weight: normal;
+ font-style: normal;
+}
+
+@font-face {
+ font-family: 'MuseoSlab';
+ src: url(fonts/Museo_Slab.otf);
+ font-weight: normal;
+ font-style: normal;
+}
+
+@font-face {
+ font-family: 'Cantarell';
+ src: local('Cantarell'), local('Cantarell Regular'),
+ url(fonts/Cantarell-Regular.otf);
+}
+
+@font-face {
+ font-family: 'Cantarell';
+ font-weight: bold;
+ src: local('Cantarell'), local('Cantarell Bold'), local('Cantarell-Bold'),
+ url(fonts/Cantarell-Bold.otf);
+}
+
+body {
+ margin: auto;
+ padding-right: 1em;
+ padding-left: 1em;
+ max-width: 60em;
+ /* border-left: 1px solid black;
+ border-right: 1px solid black; */
+ color: black;
+ line-height: 140%;
+ color: #000;
+ font-family: Cantarell, Roboto, 'Droid Sans', Ubuntu, 'DejaVu Sans', Arial, sans-serif;
+}
+
+h1, h2, h3, h4 {
+ font-family: 'Museo500', 'Roboto';
+}
+
+pre {
+ border: 1px dotted gray;
+ background-color: #ececec;
+ color: #000;
+ padding: 0.5em;
+}
+code {
+ font-family: monospace;
+}
+h1 a, h2 a, h3 a, h4 a, h5 a {
+ text-decoration: none;
+ color: #000;
+}
+h1, h2, h3, h4, h5 {
+ color: #000;
+}
+h1 {
+ padding-top: 1em;
+ margin-top: 4em;
+ border-top: 2px solid black;
+ font-size: 200%;
+}
+
+h2 {
+/* border-bottom: 1px dotted black; */
+ font-size: 150%;
+ padding-top: 1em;
+}
+
+h3 {
+ font-size: 120%;
+}
+
+h4 {
+ font-size: 90%;
+ font-style: italic;
+}
+
+h5 {
+ font-size: 90%;
+ font-style: italic;
+}
+
+h1.title {
+ font-size: 200%;
+ font-weight: bold;
+ padding-top: 0.2em;
+ padding-bottom: 0.2em;
+ text-align: left;
+ border: none;
+}
+
+h2.author {
+ text-align: right;
+}
+
+div#TOC {
+ padding: 20px;
+ background: #ccc;
+}
+
+dt code {
+ font-weight: bold;
+}
+dd p {
+ margin-top: 0;
+}
+
+#footer {
+ padding-top: 1em;
+ font-size: 70%;
+ color: gray;
+ text-align: center;
+}
+div.figure {
+ padding-top: 1em;
+ padding-bottom: 1em;
+ border: 1px solid black;
+ text-align: center;
+}
+p.caption {
+ font-size: 80%;
+ font-style: italic;
+}