Differences

This shows you the differences between two versions of the page.

documentation:2.1:cli_examples [2019/05/17 14:54]
coudot [Configure SAML Identity Provider]
documentation:2.1:cli_examples [2020/04/23 16:33] (current)
coudot
Line 2: Line 2:
  
 This page shows some examples of LL::NG Command Line Interface. See [[configlocation#​command_line_interface_cli|how to use the command]]. This page shows some examples of LL::NG Command Line Interface. See [[configlocation#​command_line_interface_cli|how to use the command]].
 +
 +<note important>​On Debian, the command is located in ''/​usr/​share/​lemonldap-ng/​bin''​ and on CentOS in ''/​usr/​libexec/​lemonldap-ng/​bin''​. Adapt the path for the system you are using.</​note>​
 +===== Save/​restore configuration =====
 +
 +Save:
 +<code sh>
 +/​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli save >​config.json
 +</​code>​
 +
 +Restore:
 +<code shell>
 +/​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli restore config.json
 +# Or
 +/​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli restore - <​config.json
 +</​code>​
 +
 +Rollback (restore previous configuration):​
 +
 +<code shell>
 +/​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli rollback
 +</​code>​
 +
  
 ===== Configure HTTPS ===== ===== Configure HTTPS =====
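Review bot: The Save example in the new Save/restore section redirects the whole configuration to config.json in the current directory, with whatever permissions the shell's umask gives it, and nothing in the section says the dump is sensitive. The same configuration carries the values set further down this page (samlServicePrivateKeySig, key), so the text should tell the reader to write the file somewhere only the administrator can read, for instance by running umask 077 before the save, and to handle copies of config.json as secrets. Style point: the Save block is fenced as "code sh" while Restore and Rollback use "code shell"; use one tag throughout.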
Line 11: Line 33:
     set \     set \
         portal https://​auth.example.com \         portal https://​auth.example.com \
 +        mailUrl https://​auth.example.com/​resetpwd \
 +        registerUrl https://​auth.example.com/​register \
         https 1 \         https 1 \
         securedCookie 1         securedCookie 1
Line 182: Line 206:
 </​code>​ </​code>​
  
-===== Configure ​SAML Identity Provider =====+===== Configure ​CAS Identity Provider =====
  
-You can then generate a private key and a self-signed certificate with these commands;+You just have to enable the CAS server feature, ​and you can set the access control policy (see [[idpcas#​configuring_the_cas_service|CAS service options]]):
 <​code>​ <​code>​
-openssl req -new -newkey rsa:​4096 ​-keyout saml.key ​-nodes  -out saml.pem -x509 -days 3650+/​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli -yes 1 \ 
 +    set \ 
 +        issuerDBCASActivation 1 \ 
 +        casAccessControlPolicy error
 </​code>​ </​code>​
  
-Import them in configuration:​+===== Register a CAS application ===== 
 + 
 +This is only required if your access control policy is not ''​none''​. 
 + 
 +In this example we have: 
 +  * App configuration ​key: testapp 
 +  * App service URL: https://​testapp.example.com/​ 
 +  * App exported attributemail and cn 
 <​code>​ <​code>​
 /​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli -yes 1 \ /​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli -yes 1 \
-    ​set +    ​addKey ​
-        ​samlServicePrivateKeySig "`cat saml.key`" ​+        ​casAppMetaDataExportedVars/​testapp mail mail 
-        ​samlServicePublicKeySig "`cat saml.pem`"+        ​casAppMetaDataExportedVars/​testapp cn cn 
 +        casAppMetaDataOptions/​testapp casAppMetaDataOptionsService '​https://​testapp.example.com/'
 </​code>​ </​code>​
  
-Activate the SAML Issuer:+===== Configure ​SAML Identity Provider ===== 
 + 
 +You can then generate a private key and a self-signed certificate with these commands; 
 +<​code>​ 
 +openssl req -new -newkey rsa:4096 -keyout saml.key -nodes ​ -out saml.pem -x509 -days 3650 
 +</​code>​ 
 + 
 +Import them in configuration and activate the SAML issuer
 <​code>​ <​code>​
 /​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli -yes 1 \ /​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli -yes 1 \
     set \     set \
 +        samlServicePrivateKeySig "`cat saml.key`"​ \
 +        samlServicePublicKeySig "`cat saml.pem`"​ \
         issuerDBSAMLActivation 1         issuerDBSAMLActivation 1
 </​code>​ </​code>​
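Review bot: In the merged SAML block, the line samlServicePrivateKeySig "`cat saml.key`" expands the private key into the argument list of lemonldap-ng-cli, where other local users can read it from the process list while the command runs, and the openssl line above it uses -nodes, so saml.key is left unencrypted on disk with default permissions. Suggest adding a sentence that tells the reader to run both commands under umask 077 and to delete or lock down saml.key once it has been imported. Wording: after the move, "You can then generate" no longer follows anything that "then" refers to and the sentence ends in ";" instead of ":"; "Import them in configuration and activate the SAML issuer" has lost its trailing colon; and the CAS list item "App exported attributemail and cn" is missing text between "attribute" and "mail".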
Line 329: Line 374:
 </​code>​ </​code>​
  
 +===== Encryption key =====
 +
 +To update the master encryption key:
 +<​code>​
 +/​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli -yes 1 \
 +    set \
 +        key '​xxxxxxxxxxxxxxx'​
 +</​code>​
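Review bot: The new Encryption key example shows key 'xxxxxxxxxxxxxxx' with no guidance on how the value should be chosen or how long it should be, which invites readers to type something memorable. Suggest a sentence saying the key must be generated randomly and stating the expected length, plus a note that a value typed this way ends up in shell history and in the process arguments. The section should also say what happens to data protected with the previous key once it is changed.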