Update README.md
lukasmatusiewicz authored Feb 21, 2024
1 parent 4ead794 commit 6e3de1b
Showing 1 changed file with 10 additions and 10 deletions.
20 changes: 10 additions & 10 deletions README.md
Expand Up @@ -6,9 +6,9 @@ There will always be a separate release for IdP Version 4.x.x in the release sec

### Installation:
1. **Copy the package to the server:**
- Chose the archive type for your system from the release page (.zip, .tar.gz, .tar.bz2).
- Choose the archive type for your system from the release page (.zip, .tar.gz, .tar.bz2).
- Copy it with the corresponding signature data (.asc).
- Place both files somewhere in your shibboleth server.
- Place both files somewhere in your Shibboleth server.
2. **Open the terminal and run: `sudo -i` for the admin rights.**
3. **Enable the MFA Module: `$idp_install_path/bin/module.sh -t idp.authn.MFA || $idp_install_path/bin/module.sh -e idp.authn.MFA`.**
4. **Check if the MFA Module is activated: `$idp_install_path/bin/module.sh -l`. If not, turn it on by running `$idp_install_path/bin/module.sh -e idp.authn.privacyIDEA`.**
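
Review bot: Step 4 in the unchanged context contradicts itself: it tells the reader to check whether the MFA Module is activated, but the fallback command enables `idp.authn.privacyIDEA`, and step 3 has already enabled `idp.authn.MFA`. Since this commit is a wording pass over these steps, the first half of step 4 should name the privacyIDEA module (or the module id should be corrected if MFA really was meant). Step 1 also has the reader copy the `.asc` signature next to the archive; if no later step uses it, say here what it is for and how to check the archive against it.
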
Expand All @@ -20,7 +20,7 @@ Otherwise, re-run the command from step 5 with `--verbose`.

### Configuration:
1. **Update the *privacyidea.properties* file (`$idp_install_path/conf/authn/privacyidea.properties`) by adding your own configuration data.**<br>
Updating following parameters is required to ensure at least the very basic functionality:
Updating the following parameters is required to ensure at least the very basic functionality:
- `privacyidea.server_url`
- `privacyidea.verify_ssl`
- `privacyidea.authentication_flow`
Expand All @@ -30,28 +30,28 @@ Updating following parameters is required to ensure at least the very basic func
- Example of the *util:map* is located in the *privacyidea.properties* file (`$idp_install_path/conf/authn/privacyidea.properties`).
- Remember to activate the MFA flow.

3. **Turn on the MFA Module by updating following file: `$idp_install_path/conf/authn/authn.properties`.**<br>
3. **Turn on the MFA Module by updating the following file: `$idp_install_path/conf/authn/authn.properties`.**<br>
Note: An example of the configuration can be found in *privacyidea.properties* (`$idp_install_path/conf/authn/privacyidea.properties`).

The different configuration parameters are explained in the following table:

| Configuration | Explanation |
|--------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `privacyidea.server_url` | The URL of your privacyIDEA server. This must to be reachable from the Shibboleth IdP server. |
| `privacyidea.server_url` | The URL of your privacyIDEA server. This must be reachable from the Shibboleth IdP server. |
| `privacyidea.realm` | This realm will be appended to all requests to the privacyIDEA. <br/>Note: Drop it to use the default realm. |
| `privacyidea.verify_ssl` | Choose if the Shibboleth should verify the SSL certificate of the privacyIDEA. <br/>Note: Always verify the SSL certificate in a productive environment! |
| `privacyidea.default_message` | Use this parameter to edit the default user message. |
| `privacyidea.otp_field_hint` | Use this parameter to edit the default placeholder for the OTP input field. |
| `privacyidea.authentication_flow` | Choose one of three possible options:<br>`default` - standard authentication flow,<br>`triggerChallenge` - triggers all challenges beforehand using the provided service account. Required additional parameters: *privacyidea.service_name*, *privacyidea.service_pass* (see below),<br>`sendStaticPass` - performs the privacyIDEA server request automatically beforehand using the provided static password. Required additional parameter: *privacyidea.static_pass* (see below). |
| `privacyidea.service_name` | The username of the service account required by the `triggerchallenge` config option. <br/>Note: Please make sure, that the service account has the correct rights. |
| `privacyidea.service_pass` | The password of your service account required by the `triggerchallenge` config option. |
| `privacyidea.service_pass` | The password of your service account, which is required by the `triggerchallenge` config option. |
| `privacyidea.service_realm` | Specify a separate service account's realm if needed. <br/>Note: If the service account is located in the same realm as the users, it is sufficient to specify the realm in the `privacyidea.realm` parameter. |
| `privacyidea.static_pass` | The password which should be use in the `sendStaticPass` authentication flow. <br/>Note: You can also leave it empty to perform the privacyIDEA server request with empty pass (useful in some scenarios). |
| `privacyidea.static_pass` | The password which should be used in the `sendStaticPass` authentication flow. <br/>Note: You can also leave it empty to perform the privacyIDEA server request with an empty pass (useful in some scenarios). |
| `privacyidea.forward_headers` | Set the headers that should be forwarded to the privacyIDEA. <br/>Note: If some header doesn't exist or has no value, will be ignored. <br/>Note: The header names should be separated by a comma (","). |
| `privacyidea.otp_length` | If you want to turn on the form-auto-submit function after x number of characters are entered into the OTP input field, set the expected OTP length here. <br/>Note: Only digits as the parameter's value allowed here. |
| `privacyidea.otp_length` | If you want to turn on the form-auto-submit function after x number of characters are entered into the OTP input field, set the expected OTP length here. <br/>Note: Only digits as the parameter's value are allowed here. |
| `privacyidea.polling_interval` | Decide after how many seconds the form should be reloaded, to check if the push token was confirmed. Default is 2. |
| `privacyidea.polling_in_browser` | Enable this to do the polling for accepted push requests in the user's browser. When enabled, the login page does not refresh to confirm the push authentication. CORS settings for privacyidea can be adjusted in etc/apache2/sites-available/privacyidea.conf. |
| `privacyidea.polling_in_browser_url` | If poll in browser should use a deviating URL, set it here. Otherwise, the general URL will be used. |
| `privacyidea.polling_in_browser_url` | If 'poll in browser' should use a deviating URL, set it here. Otherwise, the general URL will be used. |
| `privacyidea.debug` | Set this parameter to true to see the debug messages in the `idp-process.log`. |

### Log check:
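
Review bot: The `privacyidea.service_name` and `privacyidea.service_pass` rows still refer to the `triggerchallenge` config option, while the `privacyidea.authentication_flow` row spells the value `triggerChallenge`; the `service_pass` row was edited in this commit and kept the lowercase form. If the value is matched case-sensitively, a reader copying it from these rows gets a flow that does not match, so use the same spelling in all three rows. Two wording issues in untouched rows could be fixed in the same pass: "If some header doesn't exist or has no value, will be ignored" is missing its subject, and "productive environment" in the `verify_ssl` row should read "production environment".
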
Expand All @@ -60,5 +60,5 @@ The different configuration parameters are explained in the following table:

### Plugin update:
**To update the plugin, repeat the installation process with the new archive data.<br>
If something goes wrong, check if some of the changed files have their .idpnew copies,<br>
If something goes wrong, check if some of the plugin files have their .idpnew copies,<br>
remove the .idpnew copies, and re-run the install process.**
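
Review bot: Replacing "changed files" with "plugin files" alters the meaning of the update instruction rather than its grammar, unlike the other edits in this commit, so it deserves a mention in the commit message ("Update README.md" does not say why). The sentence also still does not say where the `.idpnew` copies are found or whether they should be compared with the live files before removal; naming the directory and suggesting a diff first would make the recovery step safe to follow.
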
