YunoHost/SSOwat
1
0
Fork 0
mirror of https://github.com/YunoHost/SSOwat.git synced 2024-09-03 20:06:27 +02:00
Code Issues Projects Releases Packages Wiki Activity

README reworked (#165)

Browse source
This commit is contained in:
Allan Nordhøy 2020-06-16 15:48:56 +00:00 committed by GitHub
parent 6a14e78617
commit 70c81c6b89
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 40 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

80
README.md
View file

@ -1,7 +1,7 @@
SSOwat
======
A simple LDAP SSO for nginx, written in Lua
A simple LDAP SSO for NGINX, written in Lua.
<a href="https://translate.yunohost.org/engage/yunohost/?utm_source=widget">
<img src="https://translate.yunohost.org/widgets/yunohost/-/287x66-white.png" alt="Translation status" />
@ -10,25 +10,25 @@ A simple LDAP SSO for nginx, written in Lua
Issues
------
- [Please report issues on YunoHost bugtracker](https://github.com/YunoHost/issues).
- [Please report issues to the YunoHost bugtracker](https://github.com/YunoHost/issues).
Requirements
------------
- Nginx-extras from Debian wheezy-backports
- lua-json
- lua-ldap
- lua-filesystem
- lua-socket
- lua-rex-pcre
- `nginx-extras` from Debian wheezy-backports
- `lua-json`
- `lua-ldap`
- `lua-filesystem`
- `lua-socket`
- `lua-rex-pcre`
**OR**
- Nginx "Openresty" flavored : http://openresty.org/
- lua-ldap
- lua-filesystem
- lua-socket
- lua-rex-pcre
- "OpenResty" flavored NGINX: https://openresty.org/
- `lua-ldap`
- `lua-filesystem`
- `lua-socket`
- `lua-rex-pcre`
Installation
------------
@ -40,10 +40,10 @@ git clone https://github.com/YunoHost/SSOwat /etc/ssowat
```
Nginx configuration
NGINX configuration
-------------------
* Add SSOwat's Nginx configuration (`http{}` scope)
* Add SSOwat's NGINX configuration (`http{}` scope)
```bash
nano /etc/nginx/conf.d/ssowat.conf
@ -72,11 +72,11 @@ If you use YunoHost, you may want to edit the `/etc/ssowat/conf.json.persistent`
## Available parameters
These are the SSOwat's configuration parameters. Only `portal_domain` is required, but it is recommended to know the others to fully understand what you can do with SSOwat.
Only the `portal_domain` SSOwat configuration parameters is required, but it is recommended to know the others to fully understand what you can do with it.
#### portal_domain
Domain of the authentication portal. It has to be a domain, IP addresses will not work with SSOwat (**Required**)
Domain of the authentication portal. It has to be a domain, IP addresses will not work with SSOwat (**Required**).
#### portal_path
@ -84,92 +84,92 @@ URI of the authentication portal (**default**: `/ssowat/`). This path **must** e
#### portal_port
Web port of the authentication portal (**default**: `443` for `https`, `80` for `http`)
Web port of the authentication portal (**default**: `443` for `https`, `80` for `http`).
#### portal_scheme
Whether authentication should use secure connection or not (**default**: `https`)
Whether authentication should use secure connection or not (**default**: `https`).
#### domains
List of handled domains (**default**: similar to `portal_domain`)
List of handled domains (**default**: similar to `portal_domain`).
#### ldap_host
LDAP server hostname (**default**: `localhost`)
LDAP server hostname (**default**: `localhost`).
#### ldap_group
LDAP group to search in (**default**: `ou=users,dc=yunohost,dc=org`)
LDAP group to search in (**default**: `ou=users,dc=yunohost,dc=org`).
#### ldap_identifier
LDAP user identifier (**default**: `uid`)
LDAP user identifier (**default**: `uid`).
#### ldap_attributes
User's attributes to fetch from LDAP (**default**: `["uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"]`)
User's attributes to fetch from LDAP (**default**: `["uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"]`).
#### ldap_enforce_crypt
Let SSOwat re-encrypt weakly-encrypted LDAP passwords into the safer sha-512 (crypt) (**default**: `true`)
Let SSOwat re-encrypt weakly-encrypted LDAP passwords into the safer sha-512 (crypt) (**default**: `true`).
#### allow_mail_authentication
Whether users can authenticate with their mail address (**default**: `true`)
Whether users can authenticate with their mail address (**default**: `true`).
#### login_arg
URI argument to use for cross-domain authentication (**default**: `sso_login`)
URI argument to use for cross-domain authentication (**default**: `sso_login`).
#### additional_headers
Array of additionnal HTTP headers to set once user is authenticated (**default**: `{ "Remote-User": "uid" }`)
Array of additionnal HTTP headers to set once user is authenticated (**default**: `{ "Remote-User": "uid" }`).
#### session_timeout
The session expiracy time limit in seconds, since the last connection (**default**: `86400` / one day)
The session expiracy time limit in seconds, since the last connection (**default**: `86400` / one day).
#### session_max_timeout
The session expiracy time limit in seconds (**default**: `604800` / one week)
The session expiracy time limit in seconds (**default**: `604800` / one week).
#### protected_urls
List of priorily protected URLs and/or URIs (**by default, every URL is protected**)
List of priorily protected URLs and/or URIs (**by default, every URL is protected**).
#### protected_regex
List of regular expressions to be matched against URLs **and** URIs to protect them
List of regular expressions to be matched against URLs **and** URIs to protect them.
#### skipped_urls
List of URLs and/or URIs that will not be affected by SSOwat. This must be a JSON array, and SSOwat automatically adds itself to this array.
List of URLs and/or URIs that will not be affected by SSOwat. This must be a JSON array, and SSOwat automatically adds itself to it.
#### skipped_regex
List of regular expressions to be matched against URLs **and** URIs to ignore them
List of regular expressions to be matched against URLs **and** URIs to ignore them.
#### unprotected_urls
List of URLs and/or URIs that will not be affected by SSOwat **unless user is authenticated**
List of URLs and/or URIs that will not be affected by SSOwat **unless a user is authenticated**.
#### unprotected_regex
List of regular expressions to be matched against URLs **and** URIs to ignore them **unless user is authenticated**
List of regular expressions to be matched against URLs **and** URIs to ignore them **unless a user is authenticated**.
#### redirected_urls
Array of URLs and/or URIs to redirect and their redirect URI/URL (**example**: `{ "/": "example.org/subpath" }`)
Array of URLs and/or URIs to redirect and their redirect URI/URL (**example**: `{ "/": "example.org/subpath" }`).
#### redirected_regex
Array of regular expressions to be matched against URLS **and** URIs and their redirect URI/URL (**example**: `{ "example.org/megusta$": "example.org/subpath" }`)
Array of regular expressions to be matched against URLs **and** URIs and their redirect URI/URL (**example**: `{ "example.org/megusta$": "example.org/subpath" }`).
#### users
2-level array containing usernames and their allowed URLs along with an App name (**example**: `{ "kload": { "kload.fr/myapp/": "My App" } }`)
2-level array containing usernames and their allowed URLs along with an app name (**example**: `{ "kload": { "kload.fr/myapp/": "My App" } }`).
#### default_language
Language code used by default in views (**default**: `en`)
Language code used by default in views (**default**: `en`).