Differences

This shows you the differences between two versions of the page.

documentation:2.1:external2f [2019/02/16 22:57]
cmaudoux [Configuration]
documentation:2.1:external2f [2019/08/04 19:20]
maxbes [Configuration]
Line 14: Line 14:
   * **Send command**: define your command using //​$attribute//​ like in rules. Example: ''/​usr/​local/​bin/​sendOtp --uid $uid''​ or ''/​usr/​local/​bin/​sendCode --uid $uid --code $code''​ if code is generated by the Portal   * **Send command**: define your command using //​$attribute//​ like in rules. Example: ''/​usr/​local/​bin/​sendOtp --uid $uid''​ or ''/​usr/​local/​bin/​sendCode --uid $uid --code $code''​ if code is generated by the Portal
   * **Validation command**: Required ONLY if you delegate code Generation / Verification to an external provider. You must also use //$code// which is the value entered by user; Example: ''/​usr/​local/​bin/​verify --uid $uid --code $code''​   * **Validation command**: Required ONLY if you delegate code Generation / Verification to an external provider. You must also use //$code// which is the value entered by user; Example: ''/​usr/​local/​bin/​verify --uid $uid --code $code''​
-  * **Authentication ​Level**: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5+  * **Authentication ​level** (Optional): if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5
   * **Logo** (Optional): logo file //(in static/<​skin>​ directory)//​   * **Logo** (Optional): logo file //(in static/<​skin>​ directory)//​
 +  * **Label** (Optional): label that should be displayed to the user on the choice screen
  
 <note important>​The command line is split in an array and launched with exec(). So you don't need to enclose arguments in ""​ and this feature protects your system against shell injection. However, you can not use any space except to separate arguments.</​note>​ <note important>​The command line is split in an array and launched with exec(). So you don't need to enclose arguments in ""​ and this feature protects your system against shell injection. However, you can not use any space except to separate arguments.</​note>​
 +
 +=== SELinux note ===
 +
 +If your server is enforcing SELinux policies, make sure your external script has a label that is allowed to be executed by ''​httpd''​.
 +
 +For example, storing your script in ''/​usr/​local/​bin/''​ will give it a ''​bin_t''​ label that will work correctly.
 +
 +If your script has a ''​httpd_sys_script_exec_t''​ type, it will only be able to do external network requests if the SELinux boolean ''​httpd_can_network_connect''​ is enabled.
 +
 +If your script has any other label, it will probably not work at all.
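
Review bot: In the added SELinux note, the sentence saying that storing the script in /usr/local/bin/ "will give it a bin_t label" holds only when the file is created or copied there; a file moved in with mv keeps the label it carried from its previous location. Suggest adding that the label can be checked with ls -Z and reset to the directory default with restorecon. The closing line "it will probably not work at all" would serve admins better if it said where to look when execution is blocked, namely the AVC denials in the audit log, instead of leaving the outcome as a guess.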