mirror of
https://github.com/YunoHost/SSOwat.git
synced 2024-09-03 20:06:27 +02:00
[doc] Update README.md
This commit is contained in:
parent
12f4861bce
commit
001e02413a
1 changed files with 41 additions and 9 deletions
50
README.md
50
README.md
|
@ -24,16 +24,11 @@ Installation
|
|||
git clone https://github.com/Kloadut/SSOwat /etc/ssowat
|
||||
```
|
||||
|
||||
* Edit SSOwat configuration
|
||||
|
||||
```
|
||||
nano /etc/ssowat/conf.json
|
||||
```
|
||||
Nginx configuration
|
||||
-------------------
|
||||
|
||||
Nginx conf
|
||||
----------
|
||||
|
||||
* Add SSOwat's Nginx configuration (http{} scope)
|
||||
* Add SSOwat's Nginx configuration (`http{}` scope)
|
||||
|
||||
```bash
|
||||
nano /etc/nginx/conf.d/ssowat.conf
|
||||
|
@ -47,4 +42,41 @@ access_by_lua_file /etc/ssowat/access.lua;
|
|||
|
||||
```
|
||||
|
||||
**That's it !**
|
||||
You can also put the `access_by_lua_file` directive in a `server{}` scope if you want to protect only a vhost.
|
||||
|
||||
|
||||
SSOwat configuration
|
||||
--------------------
|
||||
|
||||
```
|
||||
nano /etc/ssowat/conf.json
|
||||
```
|
||||
|
||||
If you use YunoHost, you may want to edit the `/etc/ssowat/conf.json.persistent` file, since the `/etc/ssowat/conf.json` will often be overwritten.
|
||||
|
||||
### Available parameters
|
||||
|
||||
* `portal_domain`: Domain of the authentication portal. It has to be a domain, IP addresses will not work with SSOwat (**Required**)
|
||||
* `portal_path`: URI of the authentication portal (default: `/ssowat`)
|
||||
* `portal_port`: Web port of the authentication portal (default: 443)
|
||||
* `portal_scheme`: Whether authentication should use secure connection or not (default: `https`)
|
||||
* `domains`: List of handle domains (default: portal_domain)
|
||||
* `ldap_host`: LDAP server hostname (default: `localhost`)
|
||||
* `ldap_group`: LDAP group to search in (default: **`ou=users,dc=yunohost,dc=org`**)
|
||||
* `ldap_identifier`: LDAP user identifier (default: `uid`)
|
||||
* `ldap_attributes`: User's attributes to fetch from LDAP (default: `["uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"]`)
|
||||
* `allow_mail_authentication`: Whether users can authenticate with their mail address (default: `true`)
|
||||
* `login_arg`: URI argument to use for cross-domain authentication (default: `sso_login`)
|
||||
* `additional_headers`: Array of additionnal HTTP headers to set once user is authenticated (default: `{ "Remote-User": "uid" }`)
|
||||
* `session_timeout`: The session expiracy time limit in seconds, since the last connection (default: `86400` / one day)
|
||||
* `session_max_timeout`: The session expiracy time limit in seconds (default: `604800` / one week)
|
||||
* `protected_urls`: List of priorily protected URLs and/or URIs (**by default, every URL is protected**)
|
||||
* `protected_regex`: List of regular expressions to be matched against URLs **and** URIs to protect them
|
||||
* `skipped_urls`: List of URLs and/or URIs that will not be affected by SSOwat
|
||||
* `skipped_regex`: List of regular expressions to be matched against URLs **and** URIs to ignore them
|
||||
* `unprotected_urls`: List of URLs and/or URIs that will not be affected by SSOwat **unless user is authenticated**
|
||||
* `unprotected_regex`: List of regular expressions to be matched against URLs **and** URIs to ignore them **unless user is authenticated**
|
||||
* `redirected_urls`: Array of URLs and/or URIs to redirect and their redirect URI/URL (example: `{ "/", "example.org/subpath" }`)
|
||||
* `redirected_regex`: Array of regular expressions to be matched against URLS **and** URIs and their redirect URI/URL (example: `{ "example.org/megusta$", "example.org/subpath" }`)
|
||||
* `users`: 2-level array containing usernames and their allowed URLs along with an App name (example: `{ "kload": { "kload.fr/myapp/": "My App" } }`)
|
||||
|
||||
|
|
Loading…
Reference in a new issue