diff --git a/README.md b/README.md index d084b79..c180a89 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ SSOwat ====== -A simple LDAP SSO for nginx, written in Lua +A simple LDAP SSO for NGINX, written in Lua. Translation status @@ -10,25 +10,25 @@ A simple LDAP SSO for nginx, written in Lua Issues ------ -- [Please report issues on YunoHost bugtracker](https://github.com/YunoHost/issues). +- [Please report issues to the YunoHost bugtracker](https://github.com/YunoHost/issues). Requirements ------------ -- Nginx-extras from Debian wheezy-backports -- lua-json -- lua-ldap -- lua-filesystem -- lua-socket -- lua-rex-pcre +- `nginx-extras` from Debian wheezy-backports +- `lua-json` +- `lua-ldap` +- `lua-filesystem` +- `lua-socket` +- `lua-rex-pcre` **OR** -- Nginx "Openresty" flavored : http://openresty.org/ -- lua-ldap -- lua-filesystem -- lua-socket -- lua-rex-pcre +- "OpenResty" flavored NGINX: https://openresty.org/ +- `lua-ldap` +- `lua-filesystem` +- `lua-socket` +- `lua-rex-pcre` Installation ------------ @@ -40,10 +40,10 @@ git clone https://github.com/YunoHost/SSOwat /etc/ssowat ``` -Nginx configuration +NGINX configuration ------------------- -* Add SSOwat's Nginx configuration (`http{}` scope) +* Add SSOwat's NGINX configuration (`http{}` scope) ```bash nano /etc/nginx/conf.d/ssowat.conf @@ -72,11 +72,11 @@ If you use YunoHost, you may want to edit the `/etc/ssowat/conf.json.persistent` ## Available parameters -These are the SSOwat's configuration parameters. Only `portal_domain` is required, but it is recommended to know the others to fully understand what you can do with SSOwat. +Only the `portal_domain` SSOwat configuration parameters is required, but it is recommended to know the others to fully understand what you can do with it. #### portal_domain -Domain of the authentication portal. It has to be a domain, IP addresses will not work with SSOwat (**Required**) +Domain of the authentication portal. It has to be a domain, IP addresses will not work with SSOwat (**Required**). #### portal_path @@ -84,92 +84,92 @@ URI of the authentication portal (**default**: `/ssowat/`). This path **must** e #### portal_port -Web port of the authentication portal (**default**: `443` for `https`, `80` for `http`) +Web port of the authentication portal (**default**: `443` for `https`, `80` for `http`). #### portal_scheme -Whether authentication should use secure connection or not (**default**: `https`) +Whether authentication should use secure connection or not (**default**: `https`). #### domains -List of handled domains (**default**: similar to `portal_domain`) +List of handled domains (**default**: similar to `portal_domain`). #### ldap_host -LDAP server hostname (**default**: `localhost`) +LDAP server hostname (**default**: `localhost`). #### ldap_group -LDAP group to search in (**default**: `ou=users,dc=yunohost,dc=org`) +LDAP group to search in (**default**: `ou=users,dc=yunohost,dc=org`). #### ldap_identifier -LDAP user identifier (**default**: `uid`) +LDAP user identifier (**default**: `uid`). #### ldap_attributes -User's attributes to fetch from LDAP (**default**: `["uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"]`) +User's attributes to fetch from LDAP (**default**: `["uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"]`). #### ldap_enforce_crypt -Let SSOwat re-encrypt weakly-encrypted LDAP passwords into the safer sha-512 (crypt) (**default**: `true`) +Let SSOwat re-encrypt weakly-encrypted LDAP passwords into the safer sha-512 (crypt) (**default**: `true`). #### allow_mail_authentication -Whether users can authenticate with their mail address (**default**: `true`) +Whether users can authenticate with their mail address (**default**: `true`). #### login_arg -URI argument to use for cross-domain authentication (**default**: `sso_login`) +URI argument to use for cross-domain authentication (**default**: `sso_login`). #### additional_headers -Array of additionnal HTTP headers to set once user is authenticated (**default**: `{ "Remote-User": "uid" }`) +Array of additionnal HTTP headers to set once user is authenticated (**default**: `{ "Remote-User": "uid" }`). #### session_timeout -The session expiracy time limit in seconds, since the last connection (**default**: `86400` / one day) +The session expiracy time limit in seconds, since the last connection (**default**: `86400` / one day). #### session_max_timeout -The session expiracy time limit in seconds (**default**: `604800` / one week) +The session expiracy time limit in seconds (**default**: `604800` / one week). #### protected_urls -List of priorily protected URLs and/or URIs (**by default, every URL is protected**) +List of priorily protected URLs and/or URIs (**by default, every URL is protected**). #### protected_regex -List of regular expressions to be matched against URLs **and** URIs to protect them +List of regular expressions to be matched against URLs **and** URIs to protect them. #### skipped_urls -List of URLs and/or URIs that will not be affected by SSOwat. This must be a JSON array, and SSOwat automatically adds itself to this array. +List of URLs and/or URIs that will not be affected by SSOwat. This must be a JSON array, and SSOwat automatically adds itself to it. #### skipped_regex -List of regular expressions to be matched against URLs **and** URIs to ignore them +List of regular expressions to be matched against URLs **and** URIs to ignore them. #### unprotected_urls -List of URLs and/or URIs that will not be affected by SSOwat **unless user is authenticated** +List of URLs and/or URIs that will not be affected by SSOwat **unless a user is authenticated**. #### unprotected_regex -List of regular expressions to be matched against URLs **and** URIs to ignore them **unless user is authenticated** +List of regular expressions to be matched against URLs **and** URIs to ignore them **unless a user is authenticated**. #### redirected_urls -Array of URLs and/or URIs to redirect and their redirect URI/URL (**example**: `{ "/": "example.org/subpath" }`) +Array of URLs and/or URIs to redirect and their redirect URI/URL (**example**: `{ "/": "example.org/subpath" }`). #### redirected_regex -Array of regular expressions to be matched against URLS **and** URIs and their redirect URI/URL (**example**: `{ "example.org/megusta$": "example.org/subpath" }`) +Array of regular expressions to be matched against URLs **and** URIs and their redirect URI/URL (**example**: `{ "example.org/megusta$": "example.org/subpath" }`). #### users -2-level array containing usernames and their allowed URLs along with an App name (**example**: `{ "kload": { "kload.fr/myapp/": "My App" } }`) +2-level array containing usernames and their allowed URLs along with an app name (**example**: `{ "kload": { "kload.fr/myapp/": "My App" } }`). #### default_language -Language code used by default in views (**default**: `en`) +Language code used by default in views (**default**: `en`).