diff --git a/Assertion-Manager/installation.md b/Assertion-Manager/installation.md
index 17df9b7eeb3fa040ae7acc1aa5844b6dffcdc430..8ca44243996dd9d1efa1bcd21ad45fff852e53e7 100755
--- a/Assertion-Manager/installation.md
+++ b/Assertion-Manager/installation.md
@@ -65,7 +65,7 @@ Database name : assertion-manager-gui
1. Unzip the archive
-1. Edit the application_url value in init.sql. You might also want to edit application_works_without_cas.
+1. Edit the application_url value in init.sql.
1. From the bash, update the application configuration by running :
@@ -92,10 +92,6 @@ Here is the list of configuration variables that must be defined:Â
| Variable| Default value | Description|
|---------|----------------------------------------------------------------------------------------------------------------|------------|
| application_url | http://server_domain:8080/AssertionManagerGui | URL to reach the tool|
-| application_works_without_cas | true | Indicates authentication mechanism to use|
-| ip_login | true | Indicates authentication mechanism to use|
-| ip_login_admin | .\* | Pattern to grant users as admin based on their IP address|
-| cas_url | Not defined | URL of the CAS service|
| upload_max_size | 100000000 | Used to limit uploaded files size|
| assertion_manager_rest_path_to_assertion | /testAssertion/assertion | do not change|
| assertion_manager_rest_url | https://server_domain:8080/AssertionManagerGui/rest |  update server_domain:8080 to fit your needs.|
@@ -114,6 +110,17 @@ Here is the list of configuration variables that must be defined:Â
| application_release_notes_url | https://gazelle.ihe.net/jira/browse/AS#selectedTab=com.atlassian.jira.plugin.system.project%3Achangelog-panel | |
| application_issue_tracker_url | https://gazelle.ihe.net/browse/EVSCLT | URL of the project in the issue tracking system |
+### SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
# Compile from sources
diff --git a/Authentication-Simulator/installation.md b/Authentication-Simulator/installation.md
index c2a9cfa6ce8ce03f25ff3c390619695a447421e7..40da39debc7c95116edab746c7ccf30a9a587a48 100755
--- a/Authentication-Simulator/installation.md
+++ b/Authentication-Simulator/installation.md
@@ -62,7 +62,7 @@ Authentication Simulator needs an another ear to parse the shibboleth logs. This
1. Unzip the archive
-1. Edit the application_url value in init.sql. You might also want to edit application_works_without_cas and the idp_adapter_wsdl_endpoint configurations.
+1. Edit the application_url value in init.sql. You might also want to edit the idp_adapter_wsdl_endpoint configuration.
1. From the bash, update the application configuration by running :
diff --git a/CDA-Generator/installation.md b/CDA-Generator/installation.md
index 1bc7fa52205b5dc55e393c78ef76bff70e05fdad..1888ee1c8806f1cd37feea4d0ccb7e89104ab567 100755
--- a/CDA-Generator/installation.md
+++ b/CDA-Generator/installation.md
@@ -175,17 +175,11 @@ INSERT INTO cmn\_application\_preference VALUES (28, 'java.lang.Boolean', '', 'i
INSERT INTO cmn\_application\_preference VALUES (48, 'java.lang.Boolean', '', 'cas\_enabled', 'true');
-INSERT INTO cmn\_application\_preference VALUES (47, 'java.lang.String', '', 'application\_works\_without\_cas', 'false');
-
-INSERT INTO cmn\_application\_preference VALUES (46, 'java.lang.String', '', 'cas\_url', '[*https://gazelle.ihe.net/cas/*](https://gazelle.ihe.net/cas/)');
-
INSERT INTO cmn\_application\_preference VALUES (47, 'java.lang.String', ' ', 'bbr_folder', '/opt/CDAGenerator/BBR/');
INSERT INTO cmn\_application\_preference VALUES (48, 'scorecard_root_oid', 'An OID with trailing DOT (.)', 'java.lang.String', 'The root OID for identifying scorecards');
INSERT INTO cmn\_application\_preference VALUES (49, 'scorecard_next_index', '1', 'java.lang.Integer', 'The next index to be used for identifying scorecards');
-
-
```
| **variable** | **Description** | **type** | **default**|
@@ -200,17 +194,23 @@ INSERT INTO cmn\_application\_preference VALUES (49, 'scorecard_next_index', '1'
| application\_name | application's name | java.lang.String | CDAGenerator |
| application\_profile | application's profile (always prod) | java.lang.String | prod |
| application\_url | application's URL | java.lang.String | https://gazelle.ihe.net/CDAGenerator |
-| application\_works\_without\_cas | cas configuration | java.lang.Boolean | false |
| application\_zone | application zone | java.lang.String | GMT+1 |
| assertion\_manager\_url | link to assertion manager | java.lang.String | https://gazelle.ihe.net/AssertionManagerGui |
| Cache-Control | Application should return caching directives instructing browsers not to store local copies of any sensitive data. | java.lang.String | private, no-cache, no-store, must-revalidate, max-age=0 |
-| cas\_enabled | Enables connecting using cas. If disabled, the application will use IP login if `ip_login` is set to true. | java.lang.Boolean | true |
-| cas\_url | cas url | java.lang.String | https://gazelle.ihe.net/cas |
| cda\_result\_detail | link to cda stylesheet result | java.lang.String | https://gazelle.ihe.net/EVSClient/xsl/schematronResultStylesheet.xsl |
| cda\_xsd | path to schema | java.lang.String | /opt/CDAGenerator/xsd/ihe\_lab/infrastructure/cda/LabCDA.xsd |
-| ip\_login | Enables the connection by IP. This can only be activated if cas is disabled. | java.lang.String | /opt/CDAGenerator/xsd/ihe\_lab/infrastructure/cda/LabCDA.xsd |
-| ip\_login\_admin | Regex IP needs to match to be connected to the application when IP login is enabled. Has no effect if cas is enabled. | java.lang.String | /opt/CDAGenerator/xsd/ihe\_lab/infrastructure/cda/LabCDA.xsd |
+## SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
## Compile
diff --git a/Demographic-Data-Server/installation.md b/Demographic-Data-Server/installation.md
index 182145f992911256f6a8ab3f0575eee2c7c80b76..1946449517703c16d1b34fa43832dbb80ce55797 100755
--- a/Demographic-Data-Server/installation.md
+++ b/Demographic-Data-Server/installation.md
@@ -86,10 +86,20 @@ Database name : demographic-data-server
|application_documentation | Link to the user guide | https://gazelle.ihe.net/gazelle-documentation/Demographic-Data-Server/user.html |
|application_mode | | full |
|application_url | URL to access the application | https://FQDN/DDS |
-|application_works_without_cas | Enable or disable the CAS authentication | true |
|DDS_domain | | DDS |
|DDS_OID | Unique identifier of the tool instance | 1.1.1.1.1.1.1.1.1.1.1.1 |
|hl7v3_sender_timeout | | 15000 |
-|ip_login_admin | Regex to authorize ip authentication if CAS authentication is disabled | .* |
|issue_tracker_url | Link to the issue reporter (JIRA) | https://gazelle.ihe.net/jira/browse/DDS |
|time_zone | Used to display date/time in the appropriate time zone | Europe/Paris |
+
+### SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
\ No newline at end of file
diff --git a/Gazelle-Communication-Tool/installation.md b/Gazelle-Communication-Tool/installation.md
index 38efe75d127c9bb23be4c198c0e582f8cde2a1d0..b885525631a91d11bde4788dd620cb90306a0361 100755
--- a/Gazelle-Communication-Tool/installation.md
+++ b/Gazelle-Communication-Tool/installation.md
@@ -98,8 +98,6 @@ Here is the list of configuration variables that must be defined:Â
| Gazelle communication tools enabled | true | |
| application_url | http://server_domain:8180/gazelle | URL to reach the tool |
| Gazelle communication tools URL | http://server_domain:8080/gazelle | URL to reach the communication tool |
-| application_works_without_cas | false | Indicates authentication mechanism to use |
-| cas_url | http://keycloak.localhost:28080/realms/gazelle/protocol/cas | URL of the CAS service |
| upload_max_size | 100000000 | Used to limit uploaded files size |
| assertion_manager_rest_url | https://server_domain:8180/gazelle/rest |  update server_domain:8080 to fit your needs. |
| security-policies | true | Â Enable security features |
@@ -111,6 +109,17 @@ Here is the list of configuration variables that must be defined:Â
| application_documentation | https://gazelle.ihe.net/content/gazelle | |
| documentation_url | https://gazelle.ihe.net/content/gazelle | |
+## SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
## Database configuration
To insert values with an sql script, connect to the database :
diff --git a/Gazelle-FHIR-Validator/installation.md b/Gazelle-FHIR-Validator/installation.md
index 9a835081f45b1e76c2a390fc1d9f624d3d9d0ada..f068298c3ab2f7d7987a16135816dcfc7c009adf 100755
--- a/Gazelle-FHIR-Validator/installation.md
+++ b/Gazelle-FHIR-Validator/installation.md
@@ -89,13 +89,10 @@ Under the Administration menu, you will find a sub-menu entitled "Configuration"
| application\_url |  The URL used by any user to access the tool. The application needs it to build permanent links inside the tool |  https://publicUrlOfJboss/GazelleFhirValidator |
| application_issue_tracker | Link to the issue tracker where users can report issues (used in the footer of the app) | https://gazelle.ihe.net/jira/browse/FHIRVAL |
| application_release_note_url | Link to the release note of the tool (used in the footer of the app) | https://gazelle.ihe.net/jira/browse/FHIRVAL |
-| application_works_without_cas | True = no login required to access the tool, event page with restricted access, False = use Gazelle SSO | false |
| contact_email | The email of the person to contact for any questions regarding the tool (used in the footer of the app) | |
| contact_name | Name of the person to contact for any questions regarding the tool (used in the footer of the app) | |
| contact_title | Function of the person to contact for any questions regarding the tool (used in the footer of the app) | |
| documentation_url | Link to the user manual (used in the footer of the tool) | https://gazelle.ihe.net/gazelle-documentation/Gazelle-FHIR-Validator/user.html |
-| ip_login | True = users with IP address matching ip_login_regex will be granted as admin | false |
-| ip_login_admin | regex to restrict access to a list of IP address | .* |
| NUMBER_OF_ITEMS_PER_PAGE | Default number of entries in tables | 20 |
| structure_definition_stylesheet_location | URL of the XSL used to display the structure definition | https://gazelle.ihe.net/xsl/fhir/structureDefinition.xsl |
| time_zone | Default time zone to be used to display dates and times | Europe/Paris |
@@ -103,6 +100,17 @@ Under the Administration menu, you will find a sub-menu entitled "Configuration"
| code_system_location | Where the tool accesses the code systems to be loaded | /opt/fhir-structure-definition/CodeSystem |
| ig_fhir_server_url | URL of the Fhir Server used for validation | http://localhost:8080/hapi-fhir-jpavalidator/fhir|
+## SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
## Managing validators
diff --git a/Gazelle-HL7-Validator/installation.md b/Gazelle-HL7-Validator/installation.md
index 6b2ca022fec3b74c412fe94241682df0791f643c..769df729c07be4dae74521a539ae1e6e0c11706e 100755
--- a/Gazelle-HL7-Validator/installation.md
+++ b/Gazelle-HL7-Validator/installation.md
@@ -77,7 +77,7 @@ __IMPORTANT NOTICE__: Before to apply this script into your database, open it an
Otherwise, download it from Inria’s forge (See Sources section)
-Before executing the script, open the file and checked the various preferences to be inserted in the app\_configuration table, especially the cas\_url, application\_url and other preferences relative to the user authentication (see Application configuration section). **Context path for deployment is /GazelleHL7Validator**.
+Before executing the script, open the file and checked the various preferences to be inserted in the app\_configuration table, especially the application\_url and other preferences relative to the user authentication (see Application configuration section). **Context path for deployment is /GazelleHL7Validator**.
Finally, execute the script:Â
@@ -132,7 +132,6 @@ Use the Administration menu, you will find a sub-menu entitled "Configure applic
|----------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|
| application\_issue\_tracker\_url | The URL of the bug tracking system where to post issues | https://gazelle.ihe.net/jira/projects/HLVAL/summary |
| application\_url | The URL used by any user to access the tool. The application needs it to build permanent links inside the tool | http://publicUrlOfJboss/GazelleHL7Validator |
-| cas\_url | If you intent to use a CAS, put its URL here | https://gazelle.ihe.net/cas |
| force\_stylesheet | HL7MessageProfiles and HL7 resources are XML files displayed with a stylesheet declared in the file and referenced on gazelle.ihe.net. To avoid cross-site references, most browsers do not follow those links and as a consequence do not display the XML file correctly. This property tells the tool to change the link to the stylesheet before sending the file to the client | true |
| gmm\_hl7messageprofile\_wsdl | Access Hl7MessageProfile webservice exposed by GMM (or TM configured to work also as GMM) | https://publicUrlOfJboss/gazelle-gmm-gazelle-tm-ejb/Hl7MessageProfile?wsdl |
| gmm\_iheconcepts\_wsdl | Access IHEConcepts web service exposed by GMM (or TM configured to work also as GMM) | http://131.254.209.12:8080/gazelle-gmm-gazelle-tm-ejb/IHEConcepts?wsdl |
@@ -154,6 +153,18 @@ Use the Administration menu, you will find a sub-menu entitled "Configure applic
| xsd\_directory\_location | where to find the XSD files for HL7v3 validation service | example : /home/gazelle/xsd/HL7V3/NE2008/multicacheschemas |
| xcpd\_plq\_xsd\_location | where to find the XSD files for XCPD/PLQ validation service | example : /home/gazelle/xsd/IHE/XCPD\_PLQ.xsd |
+# SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
+
# Home page
The first time you access the application, you may notice that the home page of the tool is not configured. To set a title and a welcome message, log into the application with admin rights.
diff --git a/Gazelle-Security-Suite/installation.md b/Gazelle-Security-Suite/installation.md
index 5c0e8b0334fc4c6189cb6810ea43ebf82d702033..8c57ce36e655f812991af44aafbf199b778c2151 100755
--- a/Gazelle-Security-Suite/installation.md
+++ b/Gazelle-Security-Suite/installation.md
@@ -182,17 +182,6 @@ Example (version number are hypothetical) : to update GSS from 5.1.0 to 5.1.5 yo
Application can be configured directly from the web interface. From the menu, go to Administration > Application preferences _(you need to be logged in as admin\_role)_.
-## GSS Double Central Authentication Service
-
-Basicaly one Gazelle Central Authentication Service provide user authentication for all Gazelle applications in a test bed. However we once had the need to connect one instance of GSS with two test beds. We implemented a feature to answer this need and decide to leave the option available for public. So GSS can be connected with two distinct Authentication Services and users are identified from two databases. GSS concatenate the username and the CAS key to preserve username uniqueness all over the application. Of course the second authentication channel is optional and can be turned off.
-
-Note that every configuration variable related to a user feature is then derivated in two versions and prefixed with **main\_** or **second\_**. It allows admin to configure options and services for the first or the second test bed.
-
-There is two files that need to be created in /opt/gazelle/cas :
-
-* file.properties : This is the configuration file for the main cas, used in all the other tools. It should be already present.
-* file_second_cas.properties : This is the configuration file for the second cas.
-
## Gazelle PKI specific considerations
PKI features of GSS require to define a certificate authority (CA) for :
@@ -223,7 +212,6 @@ If you import an existing CA, do not use a CA chained to an issuer publicly trus
| **application\_documentation** | The link to the user manual. | https://gazelle.ihe.net/content/gazelle-security-suite |
| **application\_issue\_tracker** | The link to the section of the issue tracker where to report issues about Gazelle-Security-Suite | https://gazelle.ihe.net/jra/browse/TLS |
| **application\_release\_notes** | The link to the application release notes | https://gazelle.ihe.net/jira/browse/TLS\#selectedTab=com.atlassian.jira.plugin.system.project%3Achangelog-panel |
-| **application\_works\_without\_cas** | Specifies if the Central Authentication Service (CAS) is used or not. If no CAS is used, property shall be set to true | true |
| **application\_url** | The URL used by any user to access the tool. The application needs it to build permanent links inside the tool | http://localhost:8080/gss |
| **assertion\_manager\_url** | To link tests and validators to assertions, you will need to deploy Assertion Manager in the test bed. Provide its URL here. | http://localhost:8080/AssertionManagerGui |
| **atna\_mode\_enabled** | Enable/disable Audit Trail features : ATNA-Questionnaire and Audit-Message validation. | true |
@@ -236,8 +224,6 @@ If you import an existing CA, do not use a CA chained to an issuer publicly trus
| **dicom\_xsd** | Absolute system path to the DICOM schema (Audit Message validation). | /opt/tls/dicom\_syslog\_ext\_us.xsd |
| **dcmdump_path** | Absolute system path to the dcmdump binary | /usr/bin/dcmdump |
| **evs\_client\_url** | The URL of the Gazelle EVSClient application. This is required to validate the messages captured by the proxy. | http://localhost:8080/EVSClient |
-| **ip\_login** | If the application is not linked to a CAS, you can choose to restraint the access to the administration sections of the application to a subset of IP addresses | false |
-| **ip\_login\_admin** | Regex to be matched by IP addresses of the users granted as admin if "ip\_login" is set to "true" | .\* |
| **java\_cacerts\_truststore\_pwd** | GSS is also using the **cacerts** JVM truststore to validate certificates (located in ${JAVA\_HOME}/jre/lib/security/cacerts). Provide here its password. | changeit |
| **jms_communication_is_enabled** | Enable/disable JMS communication through the proxy. | false |
| **main\_cas\_keyword** | Key used to distinct authentication service (maximum length 8). | 1ST |
@@ -255,13 +241,7 @@ If you import an existing CA, do not use a CA chained to an issuer publicly trus
| **questionnaire\_display\_inbounds** | Enable/disable the *Inbound network communications* tab in ATNA Questionnaire | true |
| **questionnaire\_display\_outbounds** | Enable/disable the *Outbound network communications* tab in ATNA Questionnaire | true |
| **questionnaire\_display\_tls\_tests** | Enable/disable the *TLS Tests* tab in ATNA Questionnaire | true |
-| **rfc3881\_xsd** | Absolute system path to the RFC3881 schema (Audit Message validation). | /opt/tls/RFC3881.xsd |
-| **second\_cas\_enabled** | Enable/disable second CAS authentication. | false |
-| **second\_cas\_keyword** | Key used to distinct authentication service (maximum length 8). | null |
-| **second\_cas\_name** | Name of the authentication service displayed in the GUI. | null |
-| **second\_tm\_application\_url** | URL of Gazelle Test Management linked with the second CAS. | null |
-| **second\_tm\_message\_ws** | URL of the Messages web-service of Gazelle Test Management linked with the second CAS. | null |
-| **second\_tm\_pki\_admins** | List of PKI admins usernames in Gazelle Test Management linked with the second CAS (separated with a coma). They will receive a message alert each time a certificate is requested and require a manual validation. | null |
+| **rfc3881\_xsd** | Absolute system path to the RFC3881 schema (Audit Message validation). | /opt/tls/RFC3881.xsd | |
| **storage\_dicom** | Absolute path to the system folder used to store the DICOM datasets | /opt/tls/DICOM |
| **syslog_automatic_start_enabled** | Enable/disable automatic startup of Syslog simulators at application startup. | false |
| **syslog_collector_enabled** | Enable/disable Syslog simulator feature. | false |
@@ -273,3 +253,16 @@ If you import an existing CA, do not use a CA chained to an issuer publicly trus
| **xua\_mode\_enabled** | Enable/disable XUA assertions validator. | true |
| **xmldsig_core_schema_location** | URL to the XML schema for verifying ds:Signature element |https://gazelle.ihe.net/XSD/IHE/XUA/xmldsig-core-schema.xsd |
| **http_max_content_size** | The maximum size of http content that can be supported by the http proxy (the size is in MB) |16 |
+
+
+## SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
\ No newline at end of file
diff --git a/Gazelle-Transformation-Service/installation.md b/Gazelle-Transformation-Service/installation.md
index 44e7f9c16e02af079d5437cf44b04b14b8921c51..b3336533e31171a48dfc2423d351468a2bdf6f57 100755
--- a/Gazelle-Transformation-Service/installation.md
+++ b/Gazelle-Transformation-Service/installation.md
@@ -288,11 +288,19 @@ Use the Administration menu, you will find a sub-menu entitled "Configure applic
| application_release_notes_url | URL to the release note of the tool | https://gazelle.ihe.net/jira/projects/TRANSFOSRV?selectedItem=com.atlassian.jira.jira-projects-plugin:release-page&status=released|
| application_url | Complete URL of the tool | http://localhost:8580/transformation|
| application_url_basename | URL first resource to reach the tool | /transformation|
-| application_works_without_cas | Enable/disable CAS login | true|
| bin_path | File system path used by Gazelle Transformation | /opt/DaffodilTransformation/dfdl|
-| cas_url | URL of the Central Authentication Service | https://gazelle.ihe.net/cas|
| documentation_url | URL of the documentation | https://gazelle.ihe.net/gazelle-documentation/Gazelle-Transformation-Service/user.html|
-| ip_login | Enable/disable IP filtering for admin login (works only if CAS login disabled) | false|
-| ip_login_admin | Regular expresion for filtering IPs | .* |
| NUMBER_OF_ITEMS_PER_PAGE | Number of rows displayed by table pagination | 20|
| time_zone | Time Zone for display | Europe/Paris|
+
+# SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
\ No newline at end of file
diff --git a/Gazelle-Webservice-Tester/installation.md b/Gazelle-Webservice-Tester/installation.md
index 97009a2689af6a504d78c5e6a51dc6e58b58189c..82da0efd75764c9a13f32e9760a8ee5e8180ba18 100755
--- a/Gazelle-Webservice-Tester/installation.md
+++ b/Gazelle-Webservice-Tester/installation.md
@@ -63,7 +63,7 @@ Database name : gazelle-webservice-tester
1. Unzip the archive into a folder named `gwt-sql`
-1. Edit the application_url value in init.sql. You might also want to edit application_works_without_cas.
+1. Edit the application_url value in init.sql.
1. From the bash, update the application configuration by running :
```bash
diff --git a/Gazelle-X-Validator-Rule-Editor/installation.md b/Gazelle-X-Validator-Rule-Editor/installation.md
index ab1c987c3c9e35f04e989e552d5300a178f8e722..dd539ec7808b2d0b4029b4ec0e1d78967bdf88a8 100755
--- a/Gazelle-X-Validator-Rule-Editor/installation.md
+++ b/Gazelle-X-Validator-Rule-Editor/installation.md
@@ -80,10 +80,8 @@ Database name : gazelle-x-validator-rule-editor
| Preference name | Description | Default value |
|-----------------|-----------------------------------------|---------------------|
|application_url | URL to access the application | https://FQDN/GazelleXValidatorRuleEditor |
-|application_works_without_cas | Enable or disable the CAS authentication | true |
|assertion_manager_url | URL to the assertion manager tool instance | https://FQDN/AssertionManagerGui |
|documentation_url | Link to the user documentation | https://gazelle.ihe.net/gazelle-documentation/Gazelle-X-Validator-Rule-Editor/user.html |
-|ip_login_admin | Regex to authorize ip authentication if CAS authentication is disabled | .* |
|release_notes_url | Link to the issue reporter (JIRA) | https://gazelle.ihe.net/jira/browse/XVALEDIT#selectedTab=com.atlassian.jira.plugin.system.project%3Achangelog-panel |
|svs_repository_url | URL to the svs repository instance | - |
|ut_directory | | /opt/x_validation/ut_directory |
@@ -95,3 +93,15 @@ Database name : gazelle-x-validator-rule-editor
|xvalidator_directory | | /opt/x_validation |
|x_validator_root_oid | X val root OID | 1.1.1.1.1.1.1.1.1.1.1.1.1. |
|xvalidator_xsl_url | | https://FQDN/GazelleXValidatorRuleEditor/resources/stylesheet/gazelleXValidator.xsl |
+
+# SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
\ No newline at end of file
diff --git a/HPD-Simulator/installation.md b/HPD-Simulator/installation.md
index 28b13db0497faa05311cc467027054f099545d5b..1c2d4f3223c5077a898ff0cbd5ff123a0a5baeb1 100755
--- a/HPD-Simulator/installation.md
+++ b/HPD-Simulator/installation.md
@@ -311,7 +311,6 @@ A subordinate node is reprensenting by the LDAPNode object which is composed of
|----------------------------------|------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|
| application\_name | The name of the application | HPD Simulator |
| application\_url | URL to reach the tool | https://gazelle.ihe.net/HPDSimulator |
-| application\_works\_without\_cas | Indicates whether the users are authenticated using the CAS service or another mechanism | false |
| assertion\_manager\_url | Link to the Assertion Manager tool | https://gazelle.ihe.net/AssertionManagerGui |
| dsml\_xsl\_location | URL of the stylesheet used to display DSMLv2 messages | https://gazelle.ihe.net/xsl/dsmlStylesheet.xsl |
| ldap\_password | Password used to log onto the LDAP server (if authentication is required) | N/A (no authentication put in place) |
@@ -325,6 +324,18 @@ A subordinate node is reprensenting by the LDAPNode object which is composed of
| time\_zone | To display time in the appropriate time zone | Europe/Paris |
| xsd\_location | URI to access the DSMLv2 schema (used by validation service) | /opt/hpd/xsd/IHE/DSMLv2.xsd |
+# SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
+
# Configuration of the documentation for HPD Model-based validator
The administrator is able to configure the documentation of HPD constraints and rules
diff --git a/Order-Manager/installation.md b/Order-Manager/installation.md
index e6f2805f8ac11f158124f01e9710cc8e0fcfb496..4fd2b04b136439f6ea2d143998a036c14b7525c1 100755
--- a/Order-Manager/installation.md
+++ b/Order-Manager/installation.md
@@ -89,7 +89,7 @@ Database name : order-manager
You first need to initialize the database with some data available in a SQL script. If you have checked out the project, the script is available in OrderManager-ear/src/main/sql/import.sql
-Before executing the script, open the file and checked the various preferences to be inserted in the app\_configuration table, especially the cas\_url, application\_url and other preferences relative to the user authentication (see Application configuration section)
+Before executing the script, open the file and checked the various preferences to be inserted in the app\_configuration table, especially the application\_url and other preferences relative to the user authentication (see Application configuration section)
Finally, execute the script:
```bash
@@ -109,8 +109,6 @@ Use the Administration menu, you will find a sub-menu entitied "Configure applic
| application\_issue\_tracker\_url | URL of the helpdesk or project for Order Manager in your bug tracker tool | [*Link to jira*](https://gazelle.ihe.net/jira/browse/OM)|
| application\_release\_note\_url | URL to the release note in JIRA (or elsewhere) | [*Link to JIRA*](https://gazelle.ihe.net/jira/browse/OM)|
| application\_url | The URL used by any user to access the tool. The application needs it to build permanent links inside the tool| http://publicUrlOfJboss/OrderManager |
-| application\_works\_without\_cas | Tells the application how users are authenticated | True: all users are granted as admin<br>False: uses a CAS service to authenticate users|
-| cas\_url | If you intent to use a CAS, put its URL here | https://gazelle.ihe.net |
| contact\_email | The email address of the person to be contacted by the user in case help is needed | - |
| contact\_name | The name of the person to be contacted by the user in case help is needed | - |
| contact\_title | The title of the person to be contacted by the user in case help is needed | - |
@@ -124,8 +122,6 @@ Use the Administration menu, you will find a sub-menu entitied "Configure applic
| eye\_order\_hierarchy\_location | Location of the XML file used to perform the matching between orders and procedures/protocols in the context of the Eyecare workflow profile | [*Default file*](https://gazelle.ihe.net/examples/orderHierarchy-EYE2012.xml)|
| gazelle\_hl7v2\_validator\_url | URL of the Gazelle HL7 Validator tool | [Gazelle HL7 Validator](https://gazelle.ihe.net/GazelleHL7Validator)|
| hl7v2\_xsl\_location | URL to access the XML stylesheet used to display HL7v2.x validation results| [*XSL location*](https://gazelle.ihe.net/xsl/hl7Validation/resultStylesheet.xsl)|
-| ip\_login | if the application is not linked to a CAS, you can choose to restraint the access to the administration sections of the application to a subset of IP addresses | true: only users whom IP address matches the regex set in ip\_login\_admin are granted as admin<br>false: no IP address check |
-| ip\_login\_admin | regex to be matched by IP address of the users granted as admin | .\* will grant every one as admin |
|laboratory_enabled | Enabled/Disabled the Laboratory entry in the menu | true |
|message_permanent_link | Permanent link to message details | http://publicUrlOfJboss/OrderManager/messages/MessageDisplay.seam?id=
|NUMBER_OF_ITEMS_PER_PAGE | Default number of rows to be displayed in tables | 20 |
@@ -144,6 +140,18 @@ Use the Administration menu, you will find a sub-menu entitied "Configure applic
| wlmscpfs\_port | the port on which the worklist listens to | 12345 |
| worklists\_basedir | where to store worklists for retrieve by dcmtk |/opt/worklists|
+### SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
+
### HL7v2.x responders
From the Administration > HL7 Responders configuration page, you will be able to configure each actor of the tool playing the role of a responder in a HL7-based transaction. An entry in this table consists in the receiving application and facility and the port on which it listens to incoming messages. You can also configure the encoding for receiving message (always ER7 for IHE) as weel as the transport protocol to be used (always MLLP for IHE). If you are using HL7 over HTTP, you will be asked to provide the URL of the endpoint instead of the IP address/port couple.
diff --git a/Patient-Manager/installation.md b/Patient-Manager/installation.md
index c41c07c4642a907ee0cd9394d624c492e02e1ee0..58fb517b0375c55210b32c994fe5255f27228e28 100755
--- a/Patient-Manager/installation.md
+++ b/Patient-Manager/installation.md
@@ -94,7 +94,7 @@ For more informations about how to manage that externalization, please refer to
6. If you do not intent to use any CAS service, execute the following SQL command
- `update app\_configuration set value = 'true' where variable = 'application\_works\_without\_cas';`
+ `update app\_configuration set value = 'true' where variable = 'cas\_enabled';`
7. Finally, open your favorite browser (please avoid usage of IE), and go to
@@ -178,7 +178,6 @@ Under the Administration menu, you will find a sub-menu entitled "Configure appl
|  application\_namespace\_id |  Defines the namespaceID of the issuer of the identifiers generated by the tool |  IHEPAM |
| Â application\_universal\_id | Â Defines the universal ID of the issuer of the identifiers generated by the tool. It's formatted as an OID and shall be unique across all instances of PatientManager tool | Â a uniquely defined OID |
| Â application\_universal\_id\_type | Â Defines the type of universal id | Â ISO |
-| cas\_url | URL of the SSO service | https://gazelle.ihe.net/cas |
| Â create\_worklist\_url | Â The URL of the OrderManager instance you may use to create DICOM worklists | Â *OrderManager on Gazelle* |
| default\_pdq\_domain | For PDQv3, defines if we use SeHE or ITI rules | ITI |
| hl7v3\_organization\_oid | OID of the organization issuing/receiving HL7v3 messages | a uniquely defined OID |
@@ -198,9 +197,6 @@ Under the Administration menu, you will find a sub-menu entitled "Configure appl
| Â sending\_application | Used to populate MSH-3 field of the HL7 messages produced by the tool | PAMSimulator
| Â sending\_facility | Â Used to populate MSH-4 field of the HL7 messages produced by the tool | Â Â IHE |
| Â time\_zone | Â Defines which time zone to use to display dates and timestamps | Â Europe/Paris |
-| Â application\_works\_without\_cas | Â Tells the application how users are authenticated | Â true: all users are granted as admin. false: uses a CAS service to authenticate users |
-| ip\_login | whether to enable or not the authentication by IP address | false |
-| ip\_login\_admin | if ip\_login = true, a regex to grant users with admin role according to their IP addresses | .\* |
| Â dds\_ws\_endpoint | Â Location of the Demographic Data server WSDL | Â *DDS WS on Gazelle* |
| Â gazelle\_hl7v2\_validator\_url | Â URL of the Gazelle HL7 Validator tool | Â https://gazelle.ihe.net/GazelleHL7Validator |
| Â svs\_repository\_url | Â URL of the Sharing Value Set Repository actor of the SVSSimulator | Â https://gazelle.ihe.net |
@@ -225,6 +221,18 @@ Under the Administration menu, you will find a sub-menu entitled "Configure appl
| path_to_keystore | Absolute path of the keystore (used when the SOAP header contains a signature) | |
| private_key_alias | Alias of the private key in the keystore (used when the SOAP header contains a signature) | |
+## SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
+
## HL7v2.x responders
From the Administration/HL7 Responders configuration page, you will be able to configure each actor of the tool playing the role of a responder in a HL7-based transaction. A configure consists in the receiving application and facility and the port on which it listens to incoming messages. The IP address is not used by the server but must be set properly so that the users can configure their systems under test to communicate with the tool. DO NOT update the other parameters; it would prevent the tool from working correctly.
diff --git a/Proxy/installation.md b/Proxy/installation.md
index 3e1a711675bfb258a5c80f6501f3d44c61c0f88a..8842a6cd1152a40e49e2378111057d04c2311fda 100755
--- a/Proxy/installation.md
+++ b/Proxy/installation.md
@@ -169,7 +169,7 @@ Open a browser and go to [*http://yourServer:8080/proxy*](http://yourServer:8080
This new instance of the proxy is running without the CAS feature, that means that anyone accessing the tool has the administrator privileges.
If you rather want to use a single-sign one authentication, configure the application in this way. Edit the preference
-**application\_works\_without\_cas** to set it to **false.**
+**cas\_enabled** to set it to **false.**
## Called tools
@@ -188,13 +188,9 @@ There is a set of properties that you can configure on the Configuration page, t
| **application\_documentation** | The link to the user manual. Link to this page | |
| **application\_issue\_tracker** | The link to the section of the issue tracker where to report issues about the Gazelle Proxy tool | [https://gazelle.ihe.net/jra/browse/PROXY](https://gazelle.ihe.net/jra/browse/PROXY) |
| **application\_release\_notes** | The link to the application release notes of the tool | [https://gazelle.ihe.net/jira](https://gazelle.ihe.net/jira) |
-| **application\_works\_without\_cas** | Specifies if the CAS should be used or not, if no CAS is used, property shall be set to true otherwise, it's set to false | true |
| **application\_url** | The URL used by any user to access the tool. The application needs it to build permanent links inside the tool | [http://yourASURL/proxy](http://yourASURL/proxy) |
-| **cas\_enable** | If you intent to use a CAS, set it tu true here | true |
| **dcmdump_path** | Path to dcmdump | /usr/bin/dcmdump |
| **evs\_client\_url** | The URL of the EVSClient application. This is required to validate the messages captured by the proxy. If you install your own instance of the proxy, you also need your own instance of the EVSClient tool. (Do not forget the tailing slash) | [https://gazelle.ihe.net/EVSClient/](https://gazelle.ihe.net/EVSClient/) |
-| **ip\_login** | if the application is not linked to a CAS, you can choose to restraint the access to the administration sections of the application to a subset of IP addresses | false |
-| **ip\_login\_admin** | regex to be matched by IP address of the users granted as admin | .\* |
| **jms_communication_is_enabled** | Enable jms communication | false |
| **max\_proxy\_port** | Specifies the high limit for the opened ports | 11000 |
| **min\_proxy\_port** | Specifies the low limit for the opened ports | 10000 |
@@ -204,4 +200,16 @@ There is a set of properties that you can configure on the Configuration page, t
| **storage\_dicom** | Absolute path to the system folder used to store the DICOM datasets | /opt/proxy/DICOM |
| **time\_zone** | The time zone used to display the timestamps | Europe/Paris |
| **admin_only_mode** | This preference is used to enable/disable the Admin Only mode. This mode restricts the access to messages list and messages details to admin only. Connection can however be shared by an administrator to allow users knowing the connection privacy key to see messages from the connection. | false |
-| **proxy_persistent_channels_file_path** | This file path where persistent channels are written. The file must be created by server admin | /opt/proxy/proxyPersistentChannels.csv |
\ No newline at end of file
+| **proxy_persistent_channels_file_path** | This file path where persistent channels are written. The file must be created by server admin | /opt/proxy/proxyPersistentChannels.csv |
+
+# SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
\ No newline at end of file
diff --git a/SVS-Simulator/installation.md b/SVS-Simulator/installation.md
index 8f6fbfe928931e36f24c16c0ad974c6804887554..dfd5eb24e02c6c45bb68f96953d6a121e2c34611 100755
--- a/SVS-Simulator/installation.md
+++ b/SVS-Simulator/installation.md
@@ -72,7 +72,7 @@ You first need to initialize the database with some data available in a SQL scri
Otherwise, download it from Inria’s forge (See Sources section).
-Before executing the script, open the file and checked the various preferences to be inserted in the app\_configuration table, especially the cas\_url, application\_url and other preferences relative to the user authentication (see Application configuration section).
+Before executing the script, open the file and checked the various preferences to be inserted in the app\_configuration table, especially the application\_url and other preferences relative to the user authentication (see Application configuration section).
Finally, execute the script to initialize the database:Â
@@ -100,13 +100,9 @@ In the Administration menu, you will find a sub-menu entitled "Application Confi
|----------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------|
| application\_issue\_tracker\_url | The URL of the bug tracking system where to post issues | https://gazelle.ihe.net/jira/browse/SVS |
| application\_url | The URL used by any user to access the tool. The application needs it to build permanent links inside the tool | http://publicUrlOfJboss/SVSSimulator |
-| cas\_url | If you intent to use a CAS, put its URL here | https://gazelle.ihe.net/cas |
-| application\_works\_without\_cas | Tells the application how users are authenticated | true (all users are granted as admin) or false (uses a CAS service to authenticate users) |
| documentation\_url | Where to find the user manual | https://gazelle.ihe.net/content/svs-simulator |
| esvs\_xsd\_location | URL of XSD schema ESVS-20100726.xsd | https://gazelle.ihe.net/xsd/svs/ESVS-20100726.xsd |
| ignore\_validation\_in\_import | disable the XSD validation when importing value sets from XML files | false |
-| ip\_login | if the application is not linked to a CAS, you can choose to restraint the access to the administration sections of the application to a subset of IP addresses | true (only users whom IP address matches the regex set in ip\_login\_admin are granted as admin) or false (no IP address check) |
-| ip\_login\_admin | regex to be matched by IP address of the users granted as admin | .\* will grant every one as admin |
| link\_repository\_http | Endpoint to contact the SVS Repository - displayed to the user (HTTP binding) | https://gazelle.ihe.net/ |
| link\_repository\_soap | Endpoint to contact the SVS Repository - displayed to the user (SOAP binding) | https://gazelle.ihe.net/SVSSimulator-ejb/ValueSetRepository\_Service/ValueSetRepository\_PortType?wsdl |
| message\_permanent\_link | Page which displays message details | https://gazelle.ihe.net/SVSSimulator/messages/messageDisplay.seam?id= |
@@ -114,6 +110,18 @@ In the Administration menu, you will find a sub-menu entitled "Application Confi
| svs\_repository\_url | URL of the Sharing Value Set Repository actor of the SVSSimulator | https://gazelle.ihe.net |
| svs\_xsd\_location | URL of XSD schema SVS.xsd | Â https://gazelle.ihe.net/xsd/svs/SVS.xsd |
+# SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
+
# Home page
The first time you access the application, you may notice that the home page of the tool is not configured. To set a title and a welcome message, log into the application with admin rights.
diff --git a/Schematron-Validator/installation.md b/Schematron-Validator/installation.md
index 55cfd150a01cd88a4ac690fd6e5fc93cee942fe3..4a906f27e724852e0262f71d70d5f77ffbcbb976 100755
--- a/Schematron-Validator/installation.md
+++ b/Schematron-Validator/installation.md
@@ -112,21 +112,29 @@ sudo chown -R jboss:jboss-admin /opt/SchematronValidator_prod
|application_release_notes_url | |https://gazelle.ihe.net/jira/projects/SCHVAL?selectedItem=com.atlassian.jira.jira-projects-plugin:release-page&status=released |
|application_url | The public URL of the tool |[http://yourDomain/SchematronValidator](http://yourDomain/SchematronValidator) |
|application_url_basename | | SchematronValidator |
-|application_works_without_cas | If true, any user might be granted with admin role. If false, the tool is bound to a CAS service for user authentication | false |
|application_zone | | EUROPE |
|bin_path | Relative path to the folder in which are stored the schematrons | bin |
-|cas_enabled | If true, the CAS service for user authentication is used |true |
-|cas_url | URL of the central authentication service |[http://yourDomain/cas](http://yourDomain/cas) |
|cda_xsd_path | absolute path to the XSD file used for validating CDA | /opt/SchematronValidator_prod/xsd/cda/CDA.xsd |
|data_path | | data |
|documentation_url | Link to the user guide | https://gazelle.ihe.net/gazelle-documentation/Schematron-Validator/user.html |
|epsos_cda_xsd_path | absolute path to the XSD file used for validating epSOS CDA | |
|gazelle_home_path | absolute path to the directory in which are stored the files used by the tool | /opt/SchematronValidator |
-|ip_login | If application_works_without_cas = true, authentication is based on user's IP | false |
-|ip_login_admin | Regex to be matched by the IP addresses of the users who can be granted as admin |.\* |
|mif_root_directory | Relative path to the folder where are stored the MIF files | /mif |
|monitor_email | The email of the second person who will receive failure notification from the tool | - |
|reports_path | | reports |
|time_zone | Time zone | UTC+01 |
|gazelle_transformation_url | | http://localhost:8580/transformation-ejb/GazelleTransformationService/Transformation?wsdl |
|xsd_1_1_validator_path | |/opt/SchematronValidator_prod/bin/XSDValidator-1.0-jar-with-dependencies.jar|
+
+
+# SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
\ No newline at end of file
diff --git a/XDStar-Client/installation.md b/XDStar-Client/installation.md
index b6ac43990ed4fd610bb0a8f8c84ba8147a886e4a..0527556524a645ff09f13c5190cff61b30af0594 100755
--- a/XDStar-Client/installation.md
+++ b/XDStar-Client/installation.md
@@ -177,12 +177,12 @@ INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'http
INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'https://gazelle.ihe.net/xdstools2/', 'ksa_xdstools_url');
INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'false', 'display_IHE_RAD_menu');
INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'false', 'display_IHE_ITI_menu');
-INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'true', 'ip_login');
+INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'false', 'ip_login');
+INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'true', 'cas_enabled');
INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), '.*', 'ip_login_admin');
INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), '20', 'NUMBER_OF_ITEMS_PER_PAGE');
INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), '/opt/gazelle/cert/keystore.jks', 'keystore_path');
INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'https://gazelle.ihe.net/gazelle-documentation/XDStar-Client/user.html', 'documentation_url');
-INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'true', 'application_works_without_cas');
```
@@ -201,13 +201,11 @@ If the deployment and the database initialization are successful you should see
| **application\_release\_notes\_url** | release notes' url | https://gazelle.ihe.net/jira/browse/XDSTAR\#selectedTab=com.atlassian.jira.plugin.system.project%3Achangelog-panel |
| **application\_time\_zone** | time zone | UTC+01 |
| **application\_url** | the url of XDStarClient (too important as it is used by permanent links) | https://gazelle.ihe.net/XDStarClient/ |
-| **application_works_without_cas** | if the application needs the cas or not | true |
| **assertion\_manager\_url** | URL to the assertion manager used | https://gazelle.ihe.net/AssertionManagerGui |
| **attachement\_files\_directory** | file directory on the server, where documnent uploaded and downloaded will be saved | /opt/XDStarClient/attachments/ |
| **avoid\_nist\_validation\_ihe** | set to false when validation using the nist validator is performed | true |
| **birthdate** | used for initialization for XCPD request | 19501201 |
| **Cache-Control** | security parameter | private, no-cache, no-store, must-revalidate, max-age=0 |
-| **cas\_url** | link to the SSO cas | https://gazelle.ihe.net/cas |
| **cda\_mbv\_wsdl** | link to the CDA MBV tool ws | https://gazelle.ihe.net/CDAGenerator-CDAGenerator-ejb/CDAValidatorWS?wsdl |
| **cda\_mbv\_xslt** | link to the stylesheet to render the result of validation of a CDA document | https://gazelle.ihe.net/xsl/mbcdaDetailedResult.xsl |
| **cda\_xsl\_path** | link to the stylesheet to render a cda document | cda.xsl |
@@ -236,8 +234,6 @@ If the deployment and the database initialization are successful you should see
| **homeCommunityID** | used by the XSD.b requests | 1.3.6.1.4.1.12559.11.13.2.3 |
| **home\_root\_oid** | used by the XSD.b requests | 1.3.6.1.4.1.12559.11.13.2.4 |
| **ihe\_source\_root\_oid** | used by the XSD.b requests | 1.3.6.1.4.1.12559.11.13.2.5 |
-| **ip\_login** | used to confirm if the connexion is done using a cas or an ip authentification | true |
-| **ip\_login\_admin** | list of accepted ip address | .\* |
| **key\_alias** | the alias of the keystore used for ssh connexion with responders | tomcat |
| **key\_pass** | password of the key | password |
| **keystore\_pass** | password of the keystore | password |
@@ -270,3 +266,15 @@ If the deployment and the database initialization are successful you should see
| **X-Frame-Options** | security parameter | SAMEORIGIN |
| **X-WebKit-CSP** | security parameter | Use X-Content-Security-Policy values |
| **X-WebKit-CSP-Report-Only** | security parameter | Use X-Content-Security-Policy-Report-Only values |
+
+## SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
\ No newline at end of file
diff --git a/XDW-Simulator/installation.md b/XDW-Simulator/installation.md
index 956763f84548c93fd1d622afc4d9741eeacb2453..bd5e78d04d489c00f9b156a1e170c6d06a2ac13f 100755
--- a/XDW-Simulator/installation.md
+++ b/XDW-Simulator/installation.md
@@ -184,7 +184,6 @@ Use the Administration menu, you will find a sub-menu entitied "Configure applic
| application\_issue\_tracker\_url | URL of the helpdesk or project for XDW Simulator in your bug tracker tool | [*Link to JIRA*](https://gazelle.ihe.net/jira/browse/XDW)|
| application\_release\_note\_url | URL to the release note in JIRA (or elsewhere) | [*Link to JIRA*](https://gazelle.ihe.net/jira/browse/XDW)|
| application\_url | The URL used by any user to access the tool. The application needs it to build permanent links inside the tool| https://publicUrlOfJboss/XDWSimulator |
-| application\_works\_without\_cas | Tells the application how users are authenticated | True: all users are granted as admin<br>False: uses a CAS service to authenticate users|
| contact\_email | The email address of the person to be contacted by the user in case help is needed | - |
| contact\_name | The name of the person to be contacted by the user in case help is needed | - |
| contact\_title | The title of the person to be contacted by the user in case help is needed | - |
@@ -194,6 +193,18 @@ Use the Administration menu, you will find a sub-menu entitied "Configure applic
| evs_url | URL to EVS Client | [*EVSClient URL*](https://gazelle.ihe.net/EVSClient)|
| xdw_xslt_viewer | Location of the XSL file used to display the XDW files | [*XSL URL*] https://gazelle.ihe.net/xsl/XDW.xsl |
+### SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
+
### Home page
The first time you access the application, you may notice that the home page of the tool is not configured. To set a title and a welcome message, log into the application with admin rights.