Produits Entr'ouvert » Authentic 2

• settings (they are not fully covered, we should try to use directly the app_settings.py files to generate that doc if possible, to keep it covered at all times)
• LDAP as django-auth-ldap is not used anymore
• attribute management for SAML (attribute aggregator being deprecated)

• basic user and group management using the new manager
• definition of attributes
• plugin system (how to make a plugin, what are the available hooks, idp interface and authentication frontend interface)
• Kerberos authentication (it's an external plugin but maybe should-it be integrated)
• OAuth2 IdP (idem)
• settings around self-servicef of users: my account, registration page, federation management, a kind of end-user manual.

More than work on specific topics what's needed it a reorganization, first installation&configuration, then usual management then advanced topics.

I have an initial proposal:

• Overview
  • Features
  • Source and issue tracker
  • Community support
• Installation
  • Installing (lasso&pip|debian)
  • Creating and initializing the db
  • Creating admin users
  • Running with apache/nginx & serving static files
• Configuration
  • Internal Django directory
    • Realms
    • Custom attributes
  • LDAP authentication
    • Realms
    • OpenLDAP case
    • AD case
    • Generic case (full description of the settings)
  • Kerberos authentication
  • CAS Authentication
  • Sessions&cookies
  • User self-service
    • Registration page
    • Password change
    • Profile page
  • SAML IdP settings
  • OAuth2 IdP settings
  • CAS IdP settings
  • OpenID IdP settings
  • Other settings

• Day to day management
  • Managing users
  • Managing roles/groups
  • Managing SAML service provider
  • Managing OAuth2 service providers
  • Managing CAS service providers
  • Backup and restore
    • using fixtures
    • using pg_dump / psql

• Advanced topics
  • Debugging
    • DEBUG=True
    • DEBUG_LOG
    • debug-toolbar
  • Writing plugins
    • IdP backend interface
    • Frontend interface
    • Authentication backends

We should not just document what exists, when existing is too difficult to document it should be changed. Separation between LibertyProvider, LibertyServiceProvider, SPOptionsIdPPolicy, LibertyProviderPolicy and AttributePolicy are artificial and should be removed. There should be only one object, SAMLServiceProvider that inherits from an abstract SAMLServiceProviderPolicyBase and can be linked to a concrete SAMLServiceProviderPolicy also.

https://pad.libre-entreprise.org/p/eocampauthentik