EDUCATIC
/
digitaldemocratic
mirror of https://gitlab.com/digitaldemocratic/digitaldemocratic
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix SAML_README.md by escaping less-than and greater-than symbols

Simó Albert i Beltran 2021-05-28 12:06:29 +02:00
parent 0a695041fc
commit 1bacb4694b
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
docs/SAML_README.md
View File

@ -4,7 +4,7 @@ The authentication it is done with SAML plugins in the apps agains a central Key
## Keycloak ## Keycloak
The identity provider administration interface can be reached at https://sso.<yourdomain>. There you can add client apps, roles, groups, users, mappers, etc... Please read documentation at: https://www.keycloak.org/documentation The identity provider administration interface can be reached at https://sso.\<domain\>. There you can add client apps, roles, groups, users, mappers, etc... Please read documentation at: https://www.keycloak.org/documentation
## Applications ## Applications
@ -15,13 +15,13 @@ In this document we will cover **Moodle**, **Nextcloud** and **Wordpress** SAML
Install SAML plugin and follow this steps in **Moodle**: Install SAML plugin and follow this steps in **Moodle**:
1. Activate SAML2 plugin at the **Extensions** -> **Authentication** in Moodle. You should click on the eye. Then enter de *configuration* link. 1. Activate SAML2 plugin at the **Extensions** -> **Authentication** in Moodle. You should click on the eye. Then enter de *configuration* link.
2. Click on the **Regenerate SP certificate** button. Optionally set up your desired certificate data and accept. You will need to get back to SAML2 configuration plugin afterwards. The direct link page is: https://moodle.<yourdomain>/auth/saml2/regenerate.php 2. Click on the **Regenerate SP certificate** button. Optionally set up your desired certificate data and accept. You will need to get back to SAML2 configuration plugin afterwards. The direct link page is: https://moodle.\<domain\>/auth/saml2/regenerate.php
3. Click on the **Lock down** certificate button and accept. This will avoid SAML2 plugin to regenerate the certificate each time we restart Moodle (why has this annoying behaviour?) 3. Click on the **Lock down** certificate button and accept. This will avoid SAML2 plugin to regenerate the certificate each time we restart Moodle (why has this annoying behaviour?)
4. Download **SAML2 Service Provider** xml and save it in a file (better right click and save to file). The direct link page is: https://moodle.<yourdomain>/auth/saml2/sp/metadata.php 4. Download **SAML2 Service Provider** xml and save it in a file (better right click and save to file). The direct link page is: https://moodle.\<domain\>/auth/saml2/sp/metadata.php
Now go to your *keycloak* admin (https://sso.<yourdomain>.) and: Now go to your *keycloak* admin (https://sso.\<domain\>.) and:
1. At **Clients** menú go to **create** new client and import the moodle **SAML2 Service Provider** xml and accept. The direct link is: https://sso.<yourdomain>/auth/admin/master/console/#/create/client/master 1. At **Clients** menú go to **create** new client and import the moodle **SAML2 Service Provider** xml and accept. The direct link is: https://sso.\<domain\>/auth/admin/master/console/#/create/client/master
2. Now go to **Mappers** tab in this client and add this builtins: 2. Now go to **Mappers** tab in this client and add this builtins:
1. *email* 1. *email*
2. *givenName* 2. *givenName*
@ -64,7 +64,7 @@ BEAWARE: of the good programmers, but very bad designers (I empathyze with them
2. Generate Nextcloud SP keys. Sorry, this step is needed. So you should generate your own ones. If you don't know how to install this just enter the nextcloud container (docker exec -ti isard-apps-nextcloud-app /bin/sh) and run the command there and copy the contents elsewhere with the *private.key* and *public.cert* names. 2. Generate Nextcloud SP keys. Sorry, this step is needed. So you should generate your own ones. If you don't know how to install this just enter the nextcloud container (docker exec -ti isard-apps-nextcloud-app /bin/sh) and run the command there and copy the contents elsewhere with the *private.key* and *public.cert* names.
1. **openssl req -nodes -new -x509 -keyout private.key -out public.cert** 1. **openssl req -nodes -new -x509 -keyout private.key -out public.cert**
3. Install SAML plugin. Select **Integrated configuration** at first config page. 3. Install SAML plugin. Select **Integrated configuration** at first config page.
4. Configure at: https://nextcloud.<yourdomain>/settings/admin/saml or going to the **Settings** options in user menú. 4. Configure at: https://nextcloud.\<domain\>/settings/admin/saml or going to the **Settings** options in user menú.
1. **General** 1. **General**
1. Input box: **Attribute to map the UID to**: username 1. Input box: **Attribute to map the UID to**: username
2. Input box: **Optional display name**: *anything you want as this won't be shown when we activate the direct redirect to keycloak SSO login. 2. Input box: **Optional display name**: *anything you want as this won't be shown when we activate the direct redirect to keycloak SSO login.
@ -72,9 +72,9 @@ BEAWARE: of the good programmers, but very bad designers (I empathyze with them
1. **x509**: public.key (generated before) 1. **x509**: public.key (generated before)
2. **Private key**: private.key (generated before) 2. **Private key**: private.key (generated before)
3. **Identity Provider Data** 3. **Identity Provider Data**
1. **Identifier of the IdP**: https://sso.<yourdomain>/auth/realms/master 1. **Identifier of the IdP**: https://sso.\<domain\>/auth/realms/master
2. **URL target of the IdP**: https://sso.<yourdomain>/auth/realms/master/protocol/saml 2. **URL target of the IdP**: https://sso.\<domain\>/auth/realms/master/protocol/saml
3. **URL Location of the IdP SLO request**: https://sso.<domain>/auth/realms/poc/protocol/saml 3. **URL Location of the IdP SLO request**: https://sso.\<domain\>/auth/realms/poc/protocol/saml
4. **Public X.509 certificate**: (The *RSA Certificate* from keycloak at the very first step number 1). 4. **Public X.509 certificate**: (The *RSA Certificate* from keycloak at the very first step number 1).
4. **Attribute mapping** 4. **Attribute mapping**
1. **email**: email 1. **email**: email
@ -91,8 +91,8 @@ BEAWARE: of the good programmers, but very bad designers (I empathyze with them
If you reached this point you are almost done with Nextcloud SAML configuration if the *annoying* live update of this plugin page shows at the bottom the **Download XML metadata** with no errors. Now let's go back to **Keycloak admin console** and finish configuration. If you reached this point you are almost done with Nextcloud SAML configuration if the *annoying* live update of this plugin page shows at the bottom the **Download XML metadata** with no errors. Now let's go back to **Keycloak admin console** and finish configuration.
1. At **Clients** menú go to **create** new client and import the nextcloud **SAML2 Service Provider** xml that you just downloaded and accept. The direct link is: https://sso.<yourdomain>/auth/admin/master/console/#/create/client/master. 1. At **Clients** menú go to **create** new client and import the nextcloud **SAML2 Service Provider** xml that you just downloaded and accept. The direct link is: https://sso.\<domain\>/auth/admin/master/console/#/create/client/master.
1. My guru that I referenced at the beginning of this documentation says that you should set the **Client SAML Endpoint** to https://sso.<yourdomain>/auth/realms/master prior to accepting the uploaded xml data. I tested that this is not really needed. 1. My guru that I referenced at the beginning of this documentation says that you should set the **Client SAML Endpoint** to https://sso.\<domain\>/auth/realms/master prior to accepting the uploaded xml data. I tested that this is not really needed.
2. Now go to **Mappers** tab in this client and create **Custom Mapper** fields: NOTE: ONLY USERNAME and ROLES WORKING. Nextcloud doesn't get email 2. Now go to **Mappers** tab in this client and create **Custom Mapper** fields: NOTE: ONLY USERNAME and ROLES WORKING. Nextcloud doesn't get email
1. Name: `username` 1. Name: `username`
Mapper Type: *User Property* Mapper Type: *User Property*
@ -193,4 +193,4 @@ NOTE: Client Id in Keycloak has to be exactly **php-saml**. It could be modified
SAML Attribute NameFormat: *Basic* SAML Attribute NameFormat: *Basic*
Single Role Attribute: *On* Single Role Attribute: *On*
To access as an admin again you should use the url: https://wp.<domain>/wp-login.php?normal To access as an admin again you should use the url: https://wp.\<domain\>/wp-login.php?normal