Compare commits
18 Commits
pkg/dev/eo
...
pkg/stable
| Author | SHA1 | Date | |
|---|---|---|---|
| c7c5f08b7a | |||
| 050e559f75 | |||
| 889010cfe7 | |||
| eef533bfe6 | |||
| f0d6325cf5 | |||
| e84ba19b68 | |||
| 3b4d3ccb41 | |||
| 66be6dc37e | |||
| b7aefb7a8b | |||
| 08ed6a21dc | |||
| 5f5c5359f7 | |||
| 51519eae55 | |||
| 2afe4dceb4 | |||
| 0f25183778 | |||
| a4a3d52746 | |||
| a5ce48110d | |||
| faf2a361db | |||
| 61b982607e |
@ -32,35 +32,36 @@ def getSSOFilters():
|
||||
"""
|
||||
import glob
|
||||
from ConfigParser import ConfigParser
|
||||
import json
|
||||
|
||||
try:
|
||||
filters = {}
|
||||
filters = { 'uid': "uid", "mail": "mail" }
|
||||
filterDirectory = "/usr/share/sso/app_filters/"
|
||||
filterExtention = ".ini"
|
||||
filterSection = "utilisateur"
|
||||
filterFiles = glob.glob("{0}/*{1}".format(filterDirectory, filterExtention))
|
||||
toClean = ["uid","mail","cn","__name__"]
|
||||
for fi in filterFiles:
|
||||
# Don't parse "applications.ini"
|
||||
config = ConfigParser()
|
||||
config.read(fi)
|
||||
if filterSection in config._sections:
|
||||
filters.update(config._sections[filterSection].items())
|
||||
|
||||
for key in toClean:
|
||||
del(filters[key])
|
||||
|
||||
res = ""
|
||||
toClean = [ "__name__" ]
|
||||
if len(filterFiles) != 0:
|
||||
for fi in filterFiles:
|
||||
# Don't parse "applications.ini"
|
||||
config = ConfigParser()
|
||||
config.read(fi)
|
||||
if filterSection in config._sections:
|
||||
filters.update(config._sections[filterSection].items())
|
||||
for key in toClean:
|
||||
if key in filters.keys():
|
||||
del(filters[key])
|
||||
res = {}
|
||||
index=0
|
||||
size=len(filters)
|
||||
return(filters.items())
|
||||
"""
|
||||
for k,v in filters.items():
|
||||
res += " \"{0}\": \"{1}\",".format(k,v)
|
||||
res[k] " \"{0}\": \"{1}\"".format(k,v)
|
||||
index += 1
|
||||
if index != size:
|
||||
res += "\n"
|
||||
|
||||
res += ",\n"
|
||||
return(res)
|
||||
|
||||
"""
|
||||
except:
|
||||
return "Error Generating Filters"
|
||||
|
||||
|
||||
2
debian/control
vendored
2
debian/control
vendored
@ -12,7 +12,7 @@ Package: eole-lemonldap
|
||||
Architecture: all
|
||||
Depends: ${misc:Depends}, lemonldap-ng, lemonldap-ng-doc, lemonldap-ng-fr-doc, lemonldap-ng-fastcgi-server,
|
||||
libxml-libxml-perl, libxml-libxslt-perl, libcgi-emulate-psgi-perl, libauthen-captcha-perl, liblasso-perl,
|
||||
libxml-simple-perl, libcgi-compile-perl
|
||||
libxml-simple-perl, libcgi-compile-perl, libmouse-perl
|
||||
Conflicts: eole-sso
|
||||
Provides: eole-sso
|
||||
Description: Dictionnaires et templates pour la configuration d'un serveur LemonLDAP::NG, testée uniquement avec eolebase
|
||||
|
||||
@ -7,6 +7,7 @@
|
||||
<file filelist='lemon' name='/etc/nginx/sites-available/portal-nginx.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='lemon' name='/etc/nginx/sites-available/test-nginx.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='lemon' name='/var/lib/lemonldap-ng/conf/lmConf-1.js' mkdir='True' rm='True'/>
|
||||
<file filelist='lemon' name='/etc/lemonldap-ng/lemonldap-ng.ini' mkdir='True' rm='True'/>
|
||||
<file filelist='lemonCAS' name='/usr/share/php/configCAS/cas.inc.php' source='cas.inc.php.tmpl' mkdir='True'/>
|
||||
<file filelist='lemonCAS' name='/usr/share/php/CAS/eoleCASConfig.php' source='eoleCASConfig.php.tmpl' mkdir='True'/>
|
||||
<file filelist='lemonCAS' name='/etc/pam_cas.conf' source="pam_cas_auth.conf"/>
|
||||
@ -51,11 +52,26 @@
|
||||
<variable name='ssoDebug' type='string' description="Activer le Debug pour la lib php-CAS" mode="expert">
|
||||
<value>non</value>
|
||||
</variable>
|
||||
<variable name='llSkin' type='string' description="Skin utilisé par LemonLDAP::NG">
|
||||
<value>bootstrap</value>
|
||||
</variable>
|
||||
<variable name='llCheckLogins' type='oui/non' description="Permettre aux utilisateurs d'afficher l'historique de connection">
|
||||
<value>non</value>
|
||||
</variable>
|
||||
<variable name='llResetPassword' type='oui/non' description="Permettre aux utilisateurs de réinitialiser leurs mots de passe">
|
||||
<value>oui</value>
|
||||
</variable>
|
||||
<variable name='llRegisterAccount' type='oui/non' description="Permettre aux utilisateurs de créer un compte">
|
||||
<value>oui</value>
|
||||
</variable>
|
||||
<variable name='llRegisterDB' type='string' description="Base de comptes pour l'enregistrement"/>
|
||||
<variable name='llRegisterURL' type='string' description="Adresse de l'application de création de compte"/>
|
||||
</family>
|
||||
<separators>
|
||||
<separator name="managerWebName">Configuration DNS</separator>
|
||||
<separator name="ldapScheme">Configuration LDAP</separator>
|
||||
<separator name="casAttribute">Configuration CAS</separator>
|
||||
<separator name="llSkin">Personnalisation de la mire SSO</separator>
|
||||
</separators>
|
||||
</variables>
|
||||
<constraints>
|
||||
@ -77,6 +93,9 @@
|
||||
</fill>
|
||||
<check name="valid_enum" target="ldapScheme">
|
||||
<param>['ldaps','ldap']</param>
|
||||
</check>
|
||||
<check name="valid_enum" target="llRegisterDB">
|
||||
<param>['LDAP','Demo','Custom']</param>
|
||||
</check>
|
||||
<group master="casAttribute">
|
||||
<slave>casLDAPAttribute</slave>
|
||||
@ -88,6 +107,18 @@
|
||||
<target type='family'>LemonLDAP</target>
|
||||
<target type='service_accesslist'>saLemon</target>
|
||||
</condition>
|
||||
<condition name='disabled_if_in' source='llRegisterAccount'>
|
||||
<param>non</param>
|
||||
<target type='variable'>llRegisterDB</target>
|
||||
</condition>
|
||||
<condition name='disabled_if_not_in' source='llRegisterDB'>
|
||||
<param>Custom</param>
|
||||
<target type='variable'>llRegisterURL</target>
|
||||
</condition>
|
||||
<check name='valid_enum' target='llSkin'>
|
||||
<param>['bootstrap','dark','impact','pastel']</param>
|
||||
<param name="checkval">False</param>
|
||||
</check>
|
||||
</constraints>
|
||||
<help>
|
||||
<variable name='activerLemon'>Activer l'hébergement d'une place de marché HTTP pour OpenNebula</variable>
|
||||
@ -95,5 +126,6 @@
|
||||
<variable name='authWebName'>Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.cadoles.com</variable>
|
||||
<variable name='ldapUserBaseDN'>DN de l'utilisateur de connection en lecture à l'annuaire (ex: cn=reader,o=gouv,c=fr)</variable>
|
||||
<variable name='nginxBucketSize'>server_names_hash_bucket_size Taille du hash des noms de serveur pour NGINX</variable>
|
||||
<variable name='llCheckLogins'>Affiche une case à cocher sur la mire SSO qui permet a l'utilisateur de voir l'historique de connection de son compte avant d'être redirigé vers le service demandé</variable>
|
||||
</help>
|
||||
</creole>
|
||||
|
||||
9
postservice/99-lemonldap-ng
Normal file
9
postservice/99-lemonldap-ng
Normal file
@ -0,0 +1,9 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Updating Configuration cache
|
||||
|
||||
cmd="/usr/share/lemonldap-ng/bin/lemonldap-ng-cli update-cache"
|
||||
opt="update-cache"
|
||||
|
||||
res=$(${cmd} ${opt} 2>&1)
|
||||
exit ${?}
|
||||
@ -112,10 +112,14 @@ localStorageOptions={ \
|
||||
|
||||
; PORTAL CUSTOMIZATION
|
||||
; Name of the skin
|
||||
;portalSkin = pastel
|
||||
portalSkin = %%llSkin
|
||||
; Modules displayed
|
||||
;portalDisplayLogout = 1
|
||||
;portalDisplayResetPassword = 1
|
||||
%if %%llResetPassword == "oui"
|
||||
portalDisplayResetPassword = 1
|
||||
%else
|
||||
portalDisplayResetPassword = 0
|
||||
%end if
|
||||
;portalDisplayChangePassword = 1
|
||||
;portalDisplayAppslist = 1
|
||||
;portalDisplayLoginHistory = 1
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
%set %%ssoFilters = %%getSSOFilters
|
||||
{
|
||||
"ldapGroupAttributeNameUser": "dn",
|
||||
"cfgAuthorIP": "172.16.0.1",
|
||||
@ -39,7 +40,9 @@
|
||||
"%%managerWebName": {}
|
||||
},
|
||||
"vhostOptions": {
|
||||
"%%managerWebName": {},
|
||||
"%%managerWebName": {
|
||||
"vhostHttps" : "1"
|
||||
},
|
||||
"test1.%%nom_domaine_local": {},
|
||||
"test2.%%nom_domaine_local": {}
|
||||
},
|
||||
@ -63,7 +66,20 @@
|
||||
"cfgLog": "",
|
||||
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||
"exportedVars": {
|
||||
"UA": "HTTP_USER_AGENT"
|
||||
"UA": "HTTP_USER_AGENT",
|
||||
%for att in %%casAttribute
|
||||
"%%att": "%%att",
|
||||
%end for
|
||||
%set %%idx = 0
|
||||
%set %%size = %%len(%%ssoFilters) - 1
|
||||
%for key,value in %%ssoFilters
|
||||
%if %%idx == %%size
|
||||
"%%key": "%%value"
|
||||
%else
|
||||
"%%key": "%%value",
|
||||
%end if
|
||||
%set %%idx += 1
|
||||
%end for
|
||||
},
|
||||
"notificationStorage": "File",
|
||||
"applicationList": {
|
||||
@ -159,12 +175,19 @@
|
||||
"ldapUsePasswordResetAttribute": 1,
|
||||
"ldapPpolicyControl": 0,
|
||||
"casAttributes": {
|
||||
"uid":"uid",
|
||||
%%getSSOFilters
|
||||
%for att in %%casAttribute
|
||||
"%%att": "%%att.casLDAPAttribute",
|
||||
%end for
|
||||
"mail":"mail"
|
||||
%set %%idx = 0
|
||||
%set %%size = %%len(%%ssoFilters) - 1
|
||||
%for key,value in %%ssoFilters
|
||||
%if %%idx == %%size
|
||||
"%%key": "%%key"
|
||||
%else
|
||||
"%%key": "%%key",
|
||||
%end if
|
||||
%set %%idx += 1
|
||||
%end for
|
||||
},
|
||||
"issuerDBSAMLPath": "^/saml/",
|
||||
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
|
||||
@ -197,7 +220,11 @@
|
||||
"mailSubject": "[LemonLDAP::NG] Your new password",
|
||||
"nginxCustomHandlers": {},
|
||||
"samlSPSSODescriptorAuthnRequestsSigned": 1,
|
||||
%if %%llResetPassword == "oui"
|
||||
"portalDisplayResetPassword": 1,
|
||||
%else
|
||||
"portalDisplayResetPassword": 0,
|
||||
%end if
|
||||
"openIdSreg_timezone": "_timezone",
|
||||
"infoFormMethod": "get",
|
||||
"openIdAuthnLevel": 1,
|
||||
@ -214,7 +241,12 @@
|
||||
"slaveAuthnLevel": 2,
|
||||
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||
"Soap": 1,
|
||||
"registerDB": "Demo",
|
||||
%set %%RegisterDB=%%getVar('llRegisterDB', 'Demo')
|
||||
%if %%RegisterDB == "Custom"
|
||||
"registerDB": "Null",
|
||||
%else
|
||||
"registerDB": "%%RegisterDB",
|
||||
%end if
|
||||
"locationRules": {
|
||||
"%%managerWebName": {
|
||||
"default": "$uid eq \"%%lemonAdmin\""
|
||||
@ -344,7 +376,11 @@
|
||||
"activeTimer": 1,
|
||||
"cda": 0,
|
||||
"samlServicePublicKeySig": "",
|
||||
%if %%llCheckLogins == "oui"
|
||||
"portalCheckLogins": 1,
|
||||
%else
|
||||
"portalCheckLogins": 0,
|
||||
%end if
|
||||
"CAS_authnLevel": 1,
|
||||
"macros": {
|
||||
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
|
||||
@ -390,7 +426,11 @@
|
||||
"oidcOPMetaDataOptions": null,
|
||||
"samlSPSSODescriptorWantAssertionsSigned": 1,
|
||||
"samlOrganizationName": "%%samlOrganizationName",
|
||||
%if %%RegisterDB == "Custom"
|
||||
"registerUrl": "%%llRegisterURL",
|
||||
%else
|
||||
"registerUrl": "https://%%authWebName/register.pl",
|
||||
%end if
|
||||
"casAccessControlPolicy": "none",
|
||||
"multiValuesSeparator": ";",
|
||||
"ldapPort": %%ldapServerPort
|
||||
|
||||
Reference in New Issue
Block a user