From 555613089675dcc3401c3ebe5b05de01729bcdf7 Mon Sep 17 00:00:00 2001 From: Valentin Lorand <valentin.lorand@kereval.com> Date: Wed, 7 Feb 2024 10:13:20 +0100 Subject: [PATCH] Update installation manuals --- Assertion-Manager/installation.md | 17 ++++++--- Authentication-Simulator/installation.md | 2 +- CDA-Generator/installation.md | 22 ++++++------ Demographic-Data-Server/installation.md | 14 ++++++-- Gazelle-Communication-Tool/installation.md | 13 +++++-- Gazelle-FHIR-Validator/installation.md | 14 ++++++-- Gazelle-HL7-Validator/installation.md | 15 ++++++-- Gazelle-Security-Suite/installation.md | 35 ++++++++----------- .../installation.md | 16 ++++++--- Gazelle-Webservice-Tester/installation.md | 2 +- .../installation.md | 14 ++++++-- HPD-Simulator/installation.md | 13 ++++++- Order-Manager/installation.md | 18 +++++++--- Patient-Manager/installation.md | 18 +++++++--- Proxy/installation.md | 20 +++++++---- SVS-Simulator/installation.md | 18 +++++++--- Schematron-Validator/installation.md | 18 +++++++--- XDStar-Client/installation.md | 20 +++++++---- XDW-Simulator/installation.md | 13 ++++++- 19 files changed, 214 insertions(+), 88 deletions(-) diff --git a/Assertion-Manager/installation.md b/Assertion-Manager/installation.md index 17df9b7..8ca4424 100755 --- a/Assertion-Manager/installation.md +++ b/Assertion-Manager/installation.md @@ -65,7 +65,7 @@ Database name : assertion-manager-gui 1. Unzip the archive -1. Edit the application_url value in init.sql. You might also want to edit application_works_without_cas. +1. Edit the application_url value in init.sql. 1. From the bash, update the application configuration by running : 
@@ -92,10 +92,6 @@ Here is the list of configuration variables that must be defined: | Variable| Default value | Description| |---------|----------------------------------------------------------------------------------------------------------------|------------| | application_url | http://server_domain:8080/AssertionManagerGui | URL to reach the tool| -| application_works_without_cas | true | Indicates authentication mechanism to use| -| ip_login | true | Indicates authentication mechanism to use| -| ip_login_admin | .\* | Pattern to grant users as admin based on their IP address| -| cas_url | Not defined | URL of the CAS service| | upload_max_size | 100000000 | Used to limit uploaded files size| | assertion_manager_rest_path_to_assertion | /testAssertion/assertion | do not change| | assertion_manager_rest_url | https://server_domain:8080/AssertionManagerGui/rest |  update server_domain:8080 to fit your needs.| 
@@ -114,6 +110,17 @@ Here is the list of configuration variables that must be defined: | application_release_notes_url | https://gazelle.ihe.net/jira/browse/AS#selectedTab=com.atlassian.jira.plugin.system.project%3Achangelog-panel | | | application_issue_tracker_url | https://gazelle.ihe.net/browse/EVSCLT | URL of the project in the issue tracking system | +### SSO Configuration + +There are additional preferences to configure the SSO authentication. + +| Preference name | Description | Example of value | +| ---------------- | ---------------------------------------------------------------------- | ---------------- | +| **cas_enabled** | Enable or disable the CAS authentication. | true | +| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false | +| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* | + +For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md). # Compile from sources diff --git a/Authentication-Simulator/installation.md b/Authentication-Simulator/installation.md index c2a9cfa..40da39d 100755 --- a/Authentication-Simulator/installation.md +++ b/Authentication-Simulator/installation.md @@ -62,7 +62,7 @@ Authentication Simulator needs an another ear to parse the shibboleth logs. This 1. Unzip the archive -1. Edit the application_url value in init.sql. You might also want to edit application_works_without_cas and the idp_adapter_wsdl_endpoint configurations. +1. Edit the application_url value in init.sql. You might also want to edit the idp_adapter_wsdl_endpoint configuration. 1. From the bash, update the application configuration by running : diff --git a/CDA-Generator/installation.md b/CDA-Generator/installation.md index 1bc7fa5..1888ee1 100755 --- a/CDA-Generator/installation.md +++ b/CDA-Generator/installation.md 
@@ -175,17 +175,11 @@ INSERT INTO cmn\_application\_preference VALUES (28, 'java.lang.Boolean', '', 'i INSERT INTO cmn\_application\_preference VALUES (48, 'java.lang.Boolean', '', 'cas\_enabled', 'true'); -INSERT INTO cmn\_application\_preference VALUES (47, 'java.lang.String', '', 'application\_works\_without\_cas', 'false'); - -INSERT INTO cmn\_application\_preference VALUES (46, 'java.lang.String', '', 'cas\_url', '[*https://gazelle.ihe.net/cas/*](https://gazelle.ihe.net/cas/)'); - INSERT INTO cmn\_application\_preference VALUES (47, 'java.lang.String', ' ', 'bbr_folder', '/opt/CDAGenerator/BBR/'); INSERT INTO cmn\_application\_preference VALUES (48, 'scorecard_root_oid', 'An OID with trailing DOT (.)', 'java.lang.String', 'The root OID for identifying scorecards'); INSERT INTO cmn\_application\_preference VALUES (49, 'scorecard_next_index', '1', 'java.lang.Integer', 'The next index to be used for identifying scorecards'); - - ``` | **variable** | **Description** | **type** | **default**| 
@@ -200,17 +194,23 @@ INSERT INTO cmn\_application\_preference VALUES (49, 'scorecard_next_index', '1' | application\_name | application's name | java.lang.String | CDAGenerator | | application\_profile | application's profile (always prod) | java.lang.String | prod | | application\_url | application's URL | java.lang.String | https://gazelle.ihe.net/CDAGenerator | -| application\_works\_without\_cas | cas configuration | java.lang.Boolean | false | | application\_zone | application zone | java.lang.String | GMT+1 | | assertion\_manager\_url | link to assertion manager | java.lang.String | https://gazelle.ihe.net/AssertionManagerGui | | Cache-Control | Application should return caching directives instructing browsers not to store local copies of any sensitive data. | java.lang.String | private, no-cache, no-store, must-revalidate, max-age=0 | -| cas\_enabled | Enables connecting using cas. If disabled, the application will use IP login if `ip_login` is set to true. | java.lang.Boolean | true | -| cas\_url | cas url | java.lang.String | https://gazelle.ihe.net/cas | | cda\_result\_detail | link to cda stylesheet result | java.lang.String | https://gazelle.ihe.net/EVSClient/xsl/schematronResultStylesheet.xsl | | cda\_xsd | path to schema | java.lang.String | /opt/CDAGenerator/xsd/ihe\_lab/infrastructure/cda/LabCDA.xsd | -| ip\_login | Enables the connection by IP. This can only be activated if cas is disabled. | java.lang.String | /opt/CDAGenerator/xsd/ihe\_lab/infrastructure/cda/LabCDA.xsd | -| ip\_login\_admin | Regex IP needs to match to be connected to the application when IP login is enabled. Has no effect if cas is enabled. | java.lang.String | /opt/CDAGenerator/xsd/ihe\_lab/infrastructure/cda/LabCDA.xsd | +## SSO Configuration + +There are additional preferences to configure the SSO authentication. 
+ +| Preference name | Description | Example of value | +| ---------------- | ---------------------------------------------------------------------- | ---------------- | +| **cas_enabled** | Enable or disable the CAS authentication. | true | +| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false | +| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* | + +For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md). ## Compile diff --git a/Demographic-Data-Server/installation.md b/Demographic-Data-Server/installation.md index 182145f..1946449 100755 --- a/Demographic-Data-Server/installation.md +++ b/Demographic-Data-Server/installation.md 
@@ -86,10 +86,20 @@ Database name : demographic-data-server
 |application_documentation | Link to the user guide | https://gazelle.ihe.net/gazelle-documentation/Demographic-Data-Server/user.html |
 |application_mode | | full |
 |application_url | URL to access the application | https://FQDN/DDS |
-|application_works_without_cas | Enable or disable the CAS authentication | true |
 |DDS_domain | | DDS |
 |DDS_OID | Unique identifier of the tool instance | 1.1.1.1.1.1.1.1.1.1.1.1 |
 |hl7v3_sender_timeout | | 15000 |
-|ip_login_admin | Regex to authorize ip authentication if CAS authentication is disabled | .* |
 |issue_tracker_url | Link to the issue reporter (JIRA) | https://gazelle.ihe.net/jira/browse/DDS |
 |time_zone | Used to display date/time in the appropriate time zone | Europe/Paris |
+
+### SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
\ No newline at end of file
diff --git a/Gazelle-Communication-Tool/installation.md b/Gazelle-Communication-Tool/installation.md
index 38efe75..b885525 100755
--- a/Gazelle-Communication-Tool/installation.md
+++ b/Gazelle-Communication-Tool/installation.md
@@ -98,8 +98,6 @@ Here is the list of configuration variables that must be defined: | Gazelle communication tools enabled | true | | | application_url | http://server_domain:8180/gazelle | URL to reach the tool | | Gazelle communication tools URL | http://server_domain:8080/gazelle | URL to reach the communication tool | -| application_works_without_cas | false | Indicates authentication mechanism to use | -| cas_url | http://keycloak.localhost:28080/realms/gazelle/protocol/cas | URL of the CAS service | | upload_max_size | 100000000 | Used to limit uploaded files size | | assertion_manager_rest_url | https://server_domain:8180/gazelle/rest |  update server_domain:8080 to fit your needs. | | security-policies | true |  Enable security features | @@ -111,6 +109,17 @@ Here is the list of configuration variables that must be defined: | application_documentation | https://gazelle.ihe.net/content/gazelle | | | documentation_url | https://gazelle.ihe.net/content/gazelle | | +## SSO Configuration + +There are additional preferences to configure the SSO authentication. + +| Preference name | Description | Example of value | +| ---------------- | ---------------------------------------------------------------------- | ---------------- | +| **cas_enabled** | Enable or disable the CAS authentication. | true | +| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false | +| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* | + +For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md). ## Database configuration To insert values with an sql script, connect to the database : diff --git a/Gazelle-FHIR-Validator/installation.md b/Gazelle-FHIR-Validator/installation.md index 9a83508..f068298 100755 --- a/Gazelle-FHIR-Validator/installation.md +++ b/Gazelle-FHIR-Validator/installation.md 
@@ -89,13 +89,10 @@ Under the Administration menu, you will find a sub-menu entitled "Configuration" | application\_url |  The URL used by any user to access the tool. The application needs it to build permanent links inside the tool |  https://publicUrlOfJboss/GazelleFhirValidator | | application_issue_tracker | Link to the issue tracker where users can report issues (used in the footer of the app) | https://gazelle.ihe.net/jira/browse/FHIRVAL | | application_release_note_url | Link to the release note of the tool (used in the footer of the app) | https://gazelle.ihe.net/jira/browse/FHIRVAL | -| application_works_without_cas | True = no login required to access the tool, event page with restricted access, False = use Gazelle SSO | false | | contact_email | The email of the person to contact for any questions regarding the tool (used in the footer of the app) | | | contact_name | Name of the person to contact for any questions regarding the tool (used in the footer of the app) | | | contact_title | Function of the person to contact for any questions regarding the tool (used in the footer of the app) | | | documentation_url | Link to the user manual (used in the footer of the tool) | https://gazelle.ihe.net/gazelle-documentation/Gazelle-FHIR-Validator/user.html | -| ip_login | True = users with IP address matching ip_login_regex will be granted as admin | false | -| ip_login_admin | regex to restrict access to a list of IP address | .* | | NUMBER_OF_ITEMS_PER_PAGE | Default number of entries in tables | 20 | | structure_definition_stylesheet_location | URL of the XSL used to display the structure definition | https://gazelle.ihe.net/xsl/fhir/structureDefinition.xsl | | time_zone | Default time zone to be used to display dates and times | Europe/Paris | 
@@ -103,6 +100,17 @@ Under the Administration menu, you will find a sub-menu entitled "Configuration" | code_system_location | Where the tool accesses the code systems to be loaded | /opt/fhir-structure-definition/CodeSystem | | ig_fhir_server_url | URL of the Fhir Server used for validation | http://localhost:8080/hapi-fhir-jpavalidator/fhir| +## SSO Configuration + +There are additional preferences to configure the SSO authentication. + +| Preference name | Description | Example of value | +| ---------------- | ---------------------------------------------------------------------- | ---------------- | +| **cas_enabled** | Enable or disable the CAS authentication. | true | +| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false | +| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* | + +For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md). ## Managing validators diff --git a/Gazelle-HL7-Validator/installation.md b/Gazelle-HL7-Validator/installation.md index 6b2ca02..769df72 100755 --- a/Gazelle-HL7-Validator/installation.md +++ b/Gazelle-HL7-Validator/installation.md 
@@ -77,7 +77,7 @@ __IMPORTANT NOTICE__: Before to apply this script into your database, open it an Otherwise, download it from Inria’s forge (See Sources section) -Before executing the script, open the file and checked the various preferences to be inserted in the app\_configuration table, especially the cas\_url, application\_url and other preferences relative to the user authentication (see Application configuration section). **Context path for deployment is /GazelleHL7Validator**. +Before executing the script, open the file and checked the various preferences to be inserted in the app\_configuration table, especially the application\_url and other preferences relative to the user authentication (see Application configuration section). **Context path for deployment is /GazelleHL7Validator**. Finally, execute the script: 
@@ -132,7 +132,6 @@ Use the Administration menu, you will find a sub-menu entitled "Configure applic |----------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------| | application\_issue\_tracker\_url | The URL of the bug tracking system where to post issues | https://gazelle.ihe.net/jira/projects/HLVAL/summary | | application\_url | The URL used by any user to access the tool. The application needs it to build permanent links inside the tool | http://publicUrlOfJboss/GazelleHL7Validator | -| cas\_url | If you intent to use a CAS, put its URL here | https://gazelle.ihe.net/cas | | force\_stylesheet | HL7MessageProfiles and HL7 resources are XML files displayed with a stylesheet declared in the file and referenced on gazelle.ihe.net. To avoid cross-site references, most browsers do not follow those links and as a consequence do not display the XML file correctly. This property tells the tool to change the link to the stylesheet before sending the file to the client | true | | gmm\_hl7messageprofile\_wsdl | Access Hl7MessageProfile webservice exposed by GMM (or TM configured to work also as GMM) | https://publicUrlOfJboss/gazelle-gmm-gazelle-tm-ejb/Hl7MessageProfile?wsdl | | gmm\_iheconcepts\_wsdl | Access IHEConcepts web service exposed by GMM (or TM configured to work also as GMM) | http://131.254.209.12:8080/gazelle-gmm-gazelle-tm-ejb/IHEConcepts?wsdl | 
@@ -154,6 +153,18 @@ Use the Administration menu, you will find a sub-menu entitled "Configure applic | xsd\_directory\_location | where to find the XSD files for HL7v3 validation service | example : /home/gazelle/xsd/HL7V3/NE2008/multicacheschemas | | xcpd\_plq\_xsd\_location | where to find the XSD files for XCPD/PLQ validation service | example : /home/gazelle/xsd/IHE/XCPD\_PLQ.xsd | +# SSO Configuration + +There are additional preferences to configure the SSO authentication. + +| Preference name | Description | Example of value | +| ---------------- | ---------------------------------------------------------------------- | ---------------- | +| **cas_enabled** | Enable or disable the CAS authentication. | true | +| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false | +| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* | + +For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md). + # Home page The first time you access the application, you may notice that the home page of the tool is not configured. To set a title and a welcome message, log into the application with admin rights. diff --git a/Gazelle-Security-Suite/installation.md b/Gazelle-Security-Suite/installation.md index 5c0e8b0..8c57ce3 100755 --- a/Gazelle-Security-Suite/installation.md +++ b/Gazelle-Security-Suite/installation.md 
@@ -182,17 +182,6 @@ Example (version number are hypothetical) : to update GSS from 5.1.0 to 5.1.5 yo Application can be configured directly from the web interface. From the menu, go to Administration > Application preferences _(you need to be logged in as admin\_role)_. -## GSS Double Central Authentication Service - -Basicaly one Gazelle Central Authentication Service provide user authentication for all Gazelle applications in a test bed. However we once had the need to connect one instance of GSS with two test beds. We implemented a feature to answer this need and decide to leave the option available for public. So GSS can be connected with two distinct Authentication Services and users are identified from two databases. GSS concatenate the username and the CAS key to preserve username uniqueness all over the application. Of course the second authentication channel is optional and can be turned off. - -Note that every configuration variable related to a user feature is then derivated in two versions and prefixed with **main\_** or **second\_**. It allows admin to configure options and services for the first or the second test bed. - -There is two files that need to be created in /opt/gazelle/cas : - -* file.properties : This is the configuration file for the main cas, used in all the other tools. It should be already present. -* file_second_cas.properties : This is the configuration file for the second cas. - ## Gazelle PKI specific considerations PKI features of GSS require to define a certificate authority (CA) for : 
@@ -223,7 +212,6 @@ If you import an existing CA, do not use a CA chained to an issuer publicly trus
 | **application\_documentation** | The link to the user manual. | https://gazelle.ihe.net/content/gazelle-security-suite |
 | **application\_issue\_tracker** | The link to the section of the issue tracker where to report issues about Gazelle-Security-Suite | https://gazelle.ihe.net/jra/browse/TLS |
 | **application\_release\_notes** | The link to the application release notes | https://gazelle.ihe.net/jira/browse/TLS\#selectedTab=com.atlassian.jira.plugin.system.project%3Achangelog-panel |
-| **application\_works\_without\_cas** | Specifies if the Central Authentication Service (CAS) is used or not. If no CAS is used, property shall be set to true | true |
 | **application\_url** | The URL used by any user to access the tool. The application needs it to build permanent links inside the tool | http://localhost:8080/gss |
 | **assertion\_manager\_url** | To link tests and validators to assertions, you will need to deploy Assertion Manager in the test bed. Provide its URL here. | http://localhost:8080/AssertionManagerGui |
 | **atna\_mode\_enabled** | Enable/disable Audit Trail features : ATNA-Questionnaire and Audit-Message validation. | true |
@@ -236,8 +224,6 @@ If you import an existing CA, do not use a CA chained to an issuer publicly trus
 | **dicom\_xsd** | Absolute system path to the DICOM schema (Audit Message validation). | /opt/tls/dicom\_syslog\_ext\_us.xsd |
 | **dcmdump_path** | Absolute system path to the dcmdump binary | /usr/bin/dcmdump |
 | **evs\_client\_url** | The URL of the Gazelle EVSClient application. This is required to validate the messages captured by the proxy. | http://localhost:8080/EVSClient |
-| **ip\_login** | If the application is not linked to a CAS, you can choose to restraint the access to the administration sections of the application to a subset of IP addresses | false |
-| **ip\_login\_admin** | Regex to be matched by IP addresses of the users granted as admin if "ip\_login" is set to "true" | .\* |
 | **java\_cacerts\_truststore\_pwd** | GSS is also using the **cacerts** JVM truststore to validate certificates (located in ${JAVA\_HOME}/jre/lib/security/cacerts). Provide here its password. | changeit |
 | **jms_communication_is_enabled** | Enable/disable JMS communication through the proxy. | false |
 | **main\_cas\_keyword** | Key used to distinct authentication service (maximum length 8). | 1ST |
@@ -255,13 +241,7 @@ If you import an existing CA, do not use a CA chained to an issuer publicly trus
 | **questionnaire\_display\_inbounds** | Enable/disable the *Inbound network communications* tab in ATNA Questionnaire | true |
 | **questionnaire\_display\_outbounds** | Enable/disable the *Outbound network communications* tab in ATNA Questionnaire | true |
 | **questionnaire\_display\_tls\_tests** | Enable/disable the *TLS Tests* tab in ATNA Questionnaire | true |
-| **rfc3881\_xsd** | Absolute system path to the RFC3881 schema (Audit Message validation). | /opt/tls/RFC3881.xsd |
-| **second\_cas\_enabled** | Enable/disable second CAS authentication. | false |
-| **second\_cas\_keyword** | Key used to distinct authentication service (maximum length 8). | null |
-| **second\_cas\_name** | Name of the authentication service displayed in the GUI. | null |
-| **second\_tm\_application\_url** | URL of Gazelle Test Management linked with the second CAS. | null |
-| **second\_tm\_message\_ws** | URL of the Messages web-service of Gazelle Test Management linked with the second CAS. | null |
-| **second\_tm\_pki\_admins** | List of PKI admins usernames in Gazelle Test Management linked with the second CAS (separated with a coma). They will receive a message alert each time a certificate is requested and require a manual validation. | null |
+| **rfc3881\_xsd** | Absolute system path to the RFC3881 schema (Audit Message validation). | /opt/tls/RFC3881.xsd | |
 | **storage\_dicom** | Absolute path to the system folder used to store the DICOM datasets | /opt/tls/DICOM |
 | **syslog_automatic_start_enabled** | Enable/disable automatic startup of Syslog simulators at application startup. | false |
 | **syslog_collector_enabled** | Enable/disable Syslog simulator feature. | false |
@@ -273,3 +253,16 @@ If you import an existing CA, do not use a CA chained to an issuer publicly trus
 | **xua\_mode\_enabled** | Enable/disable XUA assertions validator. | true |
 | **xmldsig_core_schema_location** | URL to the XML schema for verifying ds:Signature element |https://gazelle.ihe.net/XSD/IHE/XUA/xmldsig-core-schema.xsd |
 | **http_max_content_size** | The maximum size of http content that can be supported by the http proxy (the size is in MB) |16 |
+
+
+## SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
\ No newline at end of file
diff --git a/Gazelle-Transformation-Service/installation.md b/Gazelle-Transformation-Service/installation.md
index 44e7f9c..b333653 100755
--- a/Gazelle-Transformation-Service/installation.md
+++ b/Gazelle-Transformation-Service/installation.md
@@ -288,11 +288,19 @@ Use the Administration menu, you will find a sub-menu entitled "Configure applic
 | application_release_notes_url | URL to the release note of the tool | https://gazelle.ihe.net/jira/projects/TRANSFOSRV?selectedItem=com.atlassian.jira.jira-projects-plugin:release-page&status=released|
 | application_url | Complete URL of the tool | http://localhost:8580/transformation|
 | application_url_basename | URL first resource to reach the tool | /transformation|
-| application_works_without_cas | Enable/disable CAS login | true|
 | bin_path | File system path used by Gazelle Transformation | /opt/DaffodilTransformation/dfdl|
-| cas_url | URL of the Central Authentication Service | https://gazelle.ihe.net/cas|
 | documentation_url | URL of the documentation | https://gazelle.ihe.net/gazelle-documentation/Gazelle-Transformation-Service/user.html|
-| ip_login | Enable/disable IP filtering for admin login (works only if CAS login disabled) | false|
-| ip_login_admin | Regular expresion for filtering IPs | .* |
 | NUMBER_OF_ITEMS_PER_PAGE | Number of rows displayed by table pagination | 20|
 | time_zone | Time Zone for display | Europe/Paris|
+
+# SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
\ No newline at end of file
diff --git a/Gazelle-Webservice-Tester/installation.md b/Gazelle-Webservice-Tester/installation.md index 97009a2..82da0ef 100755 --- a/Gazelle-Webservice-Tester/installation.md +++ b/Gazelle-Webservice-Tester/installation.md @@ -63,7 +63,7 @@ Database name : gazelle-webservice-tester 1. Unzip the archive into a folder named `gwt-sql` -1. Edit the application_url value in init.sql. You might also want to edit application_works_without_cas. +1. Edit the application_url value in init.sql. 1. From the bash, update the application configuration by running : ```bash diff --git a/Gazelle-X-Validator-Rule-Editor/installation.md b/Gazelle-X-Validator-Rule-Editor/installation.md index ab1c987..dd539ec 100755 --- a/Gazelle-X-Validator-Rule-Editor/installation.md +++ b/Gazelle-X-Validator-Rule-Editor/installation.md @@ -80,10 +80,8 @@ Database name : gazelle-x-validator-rule-editor | Preference name | Description | Default value | |-----------------|-----------------------------------------|---------------------| |application_url | URL to access the application | https://FQDN/GazelleXValidatorRuleEditor | -|application_works_without_cas | Enable or disable the CAS authentication | true | |assertion_manager_url | URL to the assertion manager tool instance | https://FQDN/AssertionManagerGui | |documentation_url | Link to the user documentation | https://gazelle.ihe.net/gazelle-documentation/Gazelle-X-Validator-Rule-Editor/user.html | -|ip_login_admin | Regex to authorize ip authentication if CAS authentication is disabled | .* | |release_notes_url | Link to the issue reporter (JIRA) | https://gazelle.ihe.net/jira/browse/XVALEDIT#selectedTab=com.atlassian.jira.plugin.system.project%3Achangelog-panel | |svs_repository_url | URL to the svs repository instance | - | |ut_directory | | /opt/x_validation/ut_directory | 
@@ -95,3 +93,15 @@ Database name : gazelle-x-validator-rule-editor
 |xvalidator_directory | | /opt/x_validation |
 |x_validator_root_oid | X val root OID | 1.1.1.1.1.1.1.1.1.1.1.1.1. |
 |xvalidator_xsl_url | | https://FQDN/GazelleXValidatorRuleEditor/resources/stylesheet/gazelleXValidator.xsl |
+
+# SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
\ No newline at end of file
diff --git a/HPD-Simulator/installation.md b/HPD-Simulator/installation.md
index 28b13db..1c2d4f3 100755
--- a/HPD-Simulator/installation.md
+++ b/HPD-Simulator/installation.md
@@ -311,7 +311,6 @@ A subordinate node is reprensenting by the LDAPNode object which is composed of |----------------------------------|------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------| | application\_name | The name of the application | HPD Simulator | | application\_url | URL to reach the tool | https://gazelle.ihe.net/HPDSimulator | -| application\_works\_without\_cas | Indicates whether the users are authenticated using the CAS service or another mechanism | false | | assertion\_manager\_url | Link to the Assertion Manager tool | https://gazelle.ihe.net/AssertionManagerGui | | dsml\_xsl\_location | URL of the stylesheet used to display DSMLv2 messages | https://gazelle.ihe.net/xsl/dsmlStylesheet.xsl | | ldap\_password | Password used to log onto the LDAP server (if authentication is required) | N/A (no authentication put in place) | 
@@ -325,6 +324,18 @@ A subordinate node is reprensenting by the LDAPNode object which is composed of | time\_zone | To display time in the appropriate time zone | Europe/Paris | | xsd\_location | URI to access the DSMLv2 schema (used by validation service) | /opt/hpd/xsd/IHE/DSMLv2.xsd | +# SSO Configuration + +There are additional preferences to configure the SSO authentication. + +| Preference name | Description | Example of value | +| ---------------- | ---------------------------------------------------------------------- | ---------------- | +| **cas_enabled** | Enable or disable the CAS authentication. | true | +| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false | +| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* | + +For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md). + # Configuration of the documentation for HPD Model-based validator The administrator is able to configure the documentation of HPD constraints and rules diff --git a/Order-Manager/installation.md b/Order-Manager/installation.md index e6f2805..4fd2b04 100755 --- a/Order-Manager/installation.md +++ b/Order-Manager/installation.md 
@@ -89,7 +89,7 @@ Database name : order-manager You first need to initialize the database with some data available in a SQL script. If you have checked out the project, the script is available in OrderManager-ear/src/main/sql/import.sql -Before executing the script, open the file and checked the various preferences to be inserted in the app\_configuration table, especially the cas\_url, application\_url and other preferences relative to the user authentication (see Application configuration section) +Before executing the script, open the file and checked the various preferences to be inserted in the app\_configuration table, especially the application\_url and other preferences relative to the user authentication (see Application configuration section) Finally, execute the script: ```bash @@ -109,8 +109,6 @@ Use the Administration menu, you will find a sub-menu entitied "Configure applic | application\_issue\_tracker\_url | URL of the helpdesk or project for Order Manager in your bug tracker tool | [*Link to jira*](https://gazelle.ihe.net/jira/browse/OM)| | application\_release\_note\_url | URL to the release note in JIRA (or elsewhere) | [*Link to JIRA*](https://gazelle.ihe.net/jira/browse/OM)| | application\_url | The URL used by any user to access the tool. The application needs it to build permanent links inside the tool| http://publicUrlOfJboss/OrderManager | -| application\_works\_without\_cas | Tells the application how users are authenticated | True: all users are granted as admin<br>False: uses a CAS service to authenticate users| -| cas\_url | If you intent to use a CAS, put its URL here | https://gazelle.ihe.net | | contact\_email | The email address of the person to be contacted by the user in case help is needed | - | | contact\_name | The name of the person to be contacted by the user in case help is needed | - | | contact\_title | The title of the person to be contacted by the user in case help is needed | - | 
@@ -124,8 +122,6 @@ Use the Administration menu, you will find a sub-menu entitied "Configure applic
 | eye\_order\_hierarchy\_location | Location of the XML file used to perform the matching between orders and procedures/protocols in the context of the Eyecare workflow profile | [*Default file*](https://gazelle.ihe.net/examples/orderHierarchy-EYE2012.xml)|
 | gazelle\_hl7v2\_validator\_url | URL of the Gazelle HL7 Validator tool | [Gazelle HL7 Validator](https://gazelle.ihe.net/GazelleHL7Validator)|
 | hl7v2\_xsl\_location | URL to access the XML stylesheet used to display HL7v2.x validation results| [*XSL location*](https://gazelle.ihe.net/xsl/hl7Validation/resultStylesheet.xsl)|
-| ip\_login | if the application is not linked to a CAS, you can choose to restraint the access to the administration sections of the application to a subset of IP addresses | true: only users whom IP address matches the regex set in ip\_login\_admin are granted as admin<br>false: no IP address check |
-| ip\_login\_admin | regex to be matched by IP address of the users granted as admin | .\* will grant every one as admin |
 |laboratory_enabled | Enabled/Disabled the Laboratory entry in the menu | true |
 |message_permanent_link | Permanent link to message details | http://publicUrlOfJboss/OrderManager/messages/MessageDisplay.seam?id=
 |NUMBER_OF_ITEMS_PER_PAGE | Default number of rows to be displayed in tables | 20 |
@@ -144,6 +140,18 @@ Use the Administration menu, you will find a sub-menu entitied "Configure applic | wlmscpfs\_port | the port on which the worklist listens to | 12345 | | worklists\_basedir | where to store worklists for retrieve by dcmtk |/opt/worklists| +### SSO Configuration + +There are additional preferences to configure the SSO authentication. + +| Preference name | Description | Example of value | +| ---------------- | ---------------------------------------------------------------------- | ---------------- | +| **cas_enabled** | Enable or disable the CAS authentication. | true | +| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false | +| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* | + +For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md). + ### HL7v2.x responders From the Administration > HL7 Responders configuration page, you will be able to configure each actor of the tool playing the role of a responder in a HL7-based transaction. An entry in this table consists in the receiving application and facility and the port on which it listens to incoming messages. You can also configure the encoding for receiving message (always ER7 for IHE) as weel as the transport protocol to be used (always MLLP for IHE). If you are using HL7 over HTTP, you will be asked to provide the URL of the endpoint instead of the IP address/port couple. diff --git a/Patient-Manager/installation.md b/Patient-Manager/installation.md index c41c07c..58fb517 100755 --- a/Patient-Manager/installation.md +++ b/Patient-Manager/installation.md 
@@ -94,7 +94,7 @@ For more informations about how to manage that externalization, please refer to 6. If you do not intent to use any CAS service, execute the following SQL command - `update app\_configuration set value = 'true' where variable = 'application\_works\_without\_cas';` + `update app\_configuration set value = 'true' where variable = 'cas\_enabled';` 7. Finally, open your favorite browser (please avoid usage of IE), and go to @@ -178,7 +178,6 @@ Under the Administration menu, you will find a sub-menu entitled "Configure appl |  application\_namespace\_id |  Defines the namespaceID of the issuer of the identifiers generated by the tool |  IHEPAM | |  application\_universal\_id |  Defines the universal ID of the issuer of the identifiers generated by the tool. It's formatted as an OID and shall be unique across all instances of PatientManager tool |  a uniquely defined OID | |  application\_universal\_id\_type |  Defines the type of universal id |  ISO | -| cas\_url | URL of the SSO service | https://gazelle.ihe.net/cas | |  create\_worklist\_url |  The URL of the OrderManager instance you may use to create DICOM worklists |  *OrderManager on Gazelle* | | default\_pdq\_domain | For PDQv3, defines if we use SeHE or ITI rules | ITI | | hl7v3\_organization\_oid | OID of the organization issuing/receiving HL7v3 messages | a uniquely defined OID | 
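Review bot: Step 6 in the `@@ -94,7 +94,7 @@` hunk now tells an administrator who does not want CAS to set `cas_enabled` to 'true', which, going by the preference name and by the SSO Configuration table added later in this same file, turns CAS on rather than off. The value appears to have been carried over unchanged from the old `application_works_without_cas` flag, whose meaning was the opposite. The line should read `update app\_configuration set value = 'false' where variable = 'cas\_enabled';`. The row removed further down this file said that running without CAS grants every user the admin role, so the step would also do well to point the reader at `ip_login` and `ip_login_admin`.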
@@ -198,9 +197,6 @@ Under the Administration menu, you will find a sub-menu entitled "Configure appl |  sending\_application | Used to populate MSH-3 field of the HL7 messages produced by the tool | PAMSimulator |  sending\_facility |  Used to populate MSH-4 field of the HL7 messages produced by the tool |   IHE | |  time\_zone |  Defines which time zone to use to display dates and timestamps |  Europe/Paris | -|  application\_works\_without\_cas |  Tells the application how users are authenticated |  true: all users are granted as admin. false: uses a CAS service to authenticate users | -| ip\_login | whether to enable or not the authentication by IP address | false | -| ip\_login\_admin | if ip\_login = true, a regex to grant users with admin role according to their IP addresses | .\* | |  dds\_ws\_endpoint |  Location of the Demographic Data server WSDL |  *DDS WS on Gazelle* | |  gazelle\_hl7v2\_validator\_url |  URL of the Gazelle HL7 Validator tool |  https://gazelle.ihe.net/GazelleHL7Validator | |  svs\_repository\_url |  URL of the Sharing Value Set Repository actor of the SVSSimulator |  https://gazelle.ihe.net | 
@@ -225,6 +221,18 @@ Under the Administration menu, you will find a sub-menu entitled "Configure appl | path_to_keystore | Absolute path of the keystore (used when the SOAP header contains a signature) | | | private_key_alias | Alias of the private key in the keystore (used when the SOAP header contains a signature) | | +## SSO Configuration + +There are additional preferences to configure the SSO authentication. + +| Preference name | Description | Example of value | +| ---------------- | ---------------------------------------------------------------------- | ---------------- | +| **cas_enabled** | Enable or disable the CAS authentication. | true | +| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false | +| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* | + +For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md). + ## HL7v2.x responders From the Administration/HL7 Responders configuration page, you will be able to configure each actor of the tool playing the role of a responder in a HL7-based transaction. A configure consists in the receiving application and facility and the port on which it listens to incoming messages. The IP address is not used by the server but must be set properly so that the users can configure their systems under test to communicate with the tool. DO NOT update the other parameters; it would prevent the tool from working correctly. diff --git a/Proxy/installation.md b/Proxy/installation.md index 3e1a711..8842a6c 100755 --- a/Proxy/installation.md +++ b/Proxy/installation.md 
@@ -169,7 +169,7 @@ Open a browser and go to [*http://yourServer:8080/proxy*](http://yourServer:8080 This new instance of the proxy is running without the CAS feature, that means that anyone accessing the tool has the administrator privileges. If you rather want to use a single-sign one authentication, configure the application in this way. Edit the preference -**application\_works\_without\_cas** to set it to **false.** +**cas\_enabled** to set it to **false.** ## Called tools 
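Review bot: The changed sentence tells a reader who wants single sign-on to set `cas_enabled` to false, which reads as the opposite of what the paragraph intends; only the preference name was swapped, not the value. It should be `**cas\_enabled** to set it to **true.**`. An administrator following the text as written would leave the proxy in the state the preceding sentence describes, where anyone accessing the tool has administrator privileges. This is inferred from the preference name and the SSO Configuration table added at the end of this file, so it is worth confirming against the sso-client README that the table links to.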
@@ -188,13 +188,9 @@ There is a set of properties that you can configure on the Configuration page, t | **application\_documentation** | The link to the user manual. Link to this page | | | **application\_issue\_tracker** | The link to the section of the issue tracker where to report issues about the Gazelle Proxy tool | [https://gazelle.ihe.net/jra/browse/PROXY](https://gazelle.ihe.net/jra/browse/PROXY) | | **application\_release\_notes** | The link to the application release notes of the tool | [https://gazelle.ihe.net/jira](https://gazelle.ihe.net/jira) | -| **application\_works\_without\_cas** | Specifies if the CAS should be used or not, if no CAS is used, property shall be set to true otherwise, it's set to false | true | | **application\_url** | The URL used by any user to access the tool. The application needs it to build permanent links inside the tool | [http://yourASURL/proxy](http://yourASURL/proxy) | -| **cas\_enable** | If you intent to use a CAS, set it tu true here | true | | **dcmdump_path** | Path to dcmdump | /usr/bin/dcmdump | | **evs\_client\_url** | The URL of the EVSClient application. This is required to validate the messages captured by the proxy. If you install your own instance of the proxy, you also need your own instance of the EVSClient tool. (Do not forget the tailing slash) | [https://gazelle.ihe.net/EVSClient/](https://gazelle.ihe.net/EVSClient/) | -| **ip\_login** | if the application is not linked to a CAS, you can choose to restraint the access to the administration sections of the application to a subset of IP addresses | false | -| **ip\_login\_admin** | regex to be matched by IP address of the users granted as admin | .\* | | **jms_communication_is_enabled** | Enable jms communication | false | | **max\_proxy\_port** | Specifies the high limit for the opened ports | 11000 | | **min\_proxy\_port** | Specifies the low limit for the opened ports | 10000 | 
@@ -204,4 +200,16 @@ There is a set of properties that you can configure on the Configuration page, t | **storage\_dicom** | Absolute path to the system folder used to store the DICOM datasets | /opt/proxy/DICOM | | **time\_zone** | The time zone used to display the timestamps | Europe/Paris | | **admin_only_mode** | This preference is used to enable/disable the Admin Only mode. This mode restricts the access to messages list and messages details to admin only. Connection can however be shared by an administrator to allow users knowing the connection privacy key to see messages from the connection. | false | -| **proxy_persistent_channels_file_path** | This file path where persistent channels are written. The file must be created by server admin | /opt/proxy/proxyPersistentChannels.csv | \ No newline at end of file +| **proxy_persistent_channels_file_path** | This file path where persistent channels are written. The file must be created by server admin | /opt/proxy/proxyPersistentChannels.csv | + +# SSO Configuration + +There are additional preferences to configure the SSO authentication. + +| Preference name | Description | Example of value | +| ---------------- | ---------------------------------------------------------------------- | ---------------- | +| **cas_enabled** | Enable or disable the CAS authentication. | true | +| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false | +| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* | + +For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md). \ No newline at end of file diff --git a/SVS-Simulator/installation.md b/SVS-Simulator/installation.md index 8f6fbfe..dfd5eb2 100755 --- a/SVS-Simulator/installation.md +++ b/SVS-Simulator/installation.md 
@@ -72,7 +72,7 @@ You first need to initialize the database with some data available in a SQL scri Otherwise, download it from Inria’s forge (See Sources section). -Before executing the script, open the file and checked the various preferences to be inserted in the app\_configuration table, especially the cas\_url, application\_url and other preferences relative to the user authentication (see Application configuration section). +Before executing the script, open the file and checked the various preferences to be inserted in the app\_configuration table, especially the application\_url and other preferences relative to the user authentication (see Application configuration section). Finally, execute the script to initialize the database: 
@@ -100,13 +100,9 @@ In the Administration menu, you will find a sub-menu entitled "Application Confi |----------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| | application\_issue\_tracker\_url | The URL of the bug tracking system where to post issues | https://gazelle.ihe.net/jira/browse/SVS | | application\_url | The URL used by any user to access the tool. The application needs it to build permanent links inside the tool | http://publicUrlOfJboss/SVSSimulator | -| cas\_url | If you intent to use a CAS, put its URL here | https://gazelle.ihe.net/cas | -| application\_works\_without\_cas | Tells the application how users are authenticated | true (all users are granted as admin) or false (uses a CAS service to authenticate users) | | documentation\_url | Where to find the user manual | https://gazelle.ihe.net/content/svs-simulator | | esvs\_xsd\_location | URL of XSD schema ESVS-20100726.xsd | https://gazelle.ihe.net/xsd/svs/ESVS-20100726.xsd | | ignore\_validation\_in\_import | disable the XSD validation when importing value sets from XML files | false | -| ip\_login | if the application is not linked to a CAS, you can choose to restraint the access to the administration sections of the application to a subset of IP addresses | true (only users whom IP address matches the regex set in ip\_login\_admin are granted as admin) or false (no IP address check) | -| ip\_login\_admin | regex to be matched by IP address of the users granted as admin | .\* will grant every one as admin | | link\_repository\_http | Endpoint to contact the SVS Repository - displayed to the user (HTTP binding) | https://gazelle.ihe.net/ | | link\_repository\_soap | Endpoint to contact the SVS Repository - displayed to the user (SOAP binding) | 
https://gazelle.ihe.net/SVSSimulator-ejb/ValueSetRepository\_Service/ValueSetRepository\_PortType?wsdl | | message\_permanent\_link | Page which displays message details | https://gazelle.ihe.net/SVSSimulator/messages/messageDisplay.seam?id= | @@ -114,6 +110,18 @@ In the Administration menu, you will find a sub-menu entitled "Application Confi | svs\_repository\_url | URL of the Sharing Value Set Repository actor of the SVSSimulator | https://gazelle.ihe.net | | svs\_xsd\_location | URL of XSD schema SVS.xsd |  https://gazelle.ihe.net/xsd/svs/SVS.xsd | +# SSO Configuration + +There are additional preferences to configure the SSO authentication. + +| Preference name | Description | Example of value | +| ---------------- | ---------------------------------------------------------------------- | ---------------- | +| **cas_enabled** | Enable or disable the CAS authentication. | true | +| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false | +| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* | + +For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md). + # Home page The first time you access the application, you may notice that the home page of the tool is not configured. To set a title and a welcome message, log into the application with admin rights. diff --git a/Schematron-Validator/installation.md b/Schematron-Validator/installation.md index 55cfd15..4a906f2 100755 --- a/Schematron-Validator/installation.md +++ b/Schematron-Validator/installation.md 
@@ -112,21 +112,29 @@ sudo chown -R jboss:jboss-admin /opt/SchematronValidator_prod |application_release_notes_url | |https://gazelle.ihe.net/jira/projects/SCHVAL?selectedItem=com.atlassian.jira.jira-projects-plugin:release-page&status=released | |application_url | The public URL of the tool |[http://yourDomain/SchematronValidator](http://yourDomain/SchematronValidator) | |application_url_basename | | SchematronValidator | -|application_works_without_cas | If true, any user might be granted with admin role. If false, the tool is bound to a CAS service for user authentication | false | |application_zone | | EUROPE | |bin_path | Relative path to the folder in which are stored the schematrons | bin | -|cas_enabled | If true, the CAS service for user authentication is used |true | -|cas_url | URL of the central authentication service |[http://yourDomain/cas](http://yourDomain/cas) | |cda_xsd_path | absolute path to the XSD file used for validating CDA | /opt/SchematronValidator_prod/xsd/cda/CDA.xsd | |data_path | | data | |documentation_url | Link to the user guide | https://gazelle.ihe.net/gazelle-documentation/Schematron-Validator/user.html | |epsos_cda_xsd_path | absolute path to the XSD file used for validating epSOS CDA | | |gazelle_home_path | absolute path to the directory in which are stored the files used by the tool | /opt/SchematronValidator | -|ip_login | If application_works_without_cas = true, authentication is based on user's IP | false | -|ip_login_admin | Regex to be matched by the IP addresses of the users who can be granted as admin |.\* | |mif_root_directory | Relative path to the folder where are stored the MIF files | /mif | |monitor_email | The email of the second person who will receive failure notification from the tool | - | |reports_path | | reports | |time_zone | Time zone | UTC+01 | |gazelle_transformation_url | | http://localhost:8580/transformation-ejb/GazelleTransformationService/Transformation?wsdl | |xsd_1_1_validator_path | 
|/opt/SchematronValidator_prod/bin/XSDValidator-1.0-jar-with-dependencies.jar| + + +# SSO Configuration + +There are additional preferences to configure the SSO authentication. + +| Preference name | Description | Example of value | +| ---------------- | ---------------------------------------------------------------------- | ---------------- | +| **cas_enabled** | Enable or disable the CAS authentication. | true | +| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false | +| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* | + +For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md). \ No newline at end of file diff --git a/XDStar-Client/installation.md b/XDStar-Client/installation.md index b6ac439..0527556 100755 --- a/XDStar-Client/installation.md +++ b/XDStar-Client/installation.md 
@@ -177,12 +177,12 @@ INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'http INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'https://gazelle.ihe.net/xdstools2/', 'ksa_xdstools_url'); INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'false', 'display_IHE_RAD_menu'); INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'false', 'display_IHE_ITI_menu'); -INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'true', 'ip_login'); +INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'false', 'ip_login'); +INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'true', 'cas_enabled'); INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), '.*', 'ip_login_admin'); INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), '20', 'NUMBER_OF_ITEMS_PER_PAGE'); INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), '/opt/gazelle/cert/keystore.jks', 'keystore_path'); INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'https://gazelle.ihe.net/gazelle-documentation/XDStar-Client/user.html', 'documentation_url'); -INSERT INTO app_configuration VALUES (nextval('app_configuration_id_seq'), 'true', 'application_works_without_cas'); ``` 
@@ -201,13 +201,11 @@ If the deployment and the database initialization are successful you should see
 | **application\_release\_notes\_url** | release notes' url | https://gazelle.ihe.net/jira/browse/XDSTAR\#selectedTab=com.atlassian.jira.plugin.system.project%3Achangelog-panel |
 | **application\_time\_zone** | time zone | UTC+01 |
 | **application\_url** | the url of XDStarClient (too important as it is used by permanent links) | https://gazelle.ihe.net/XDStarClient/ |
-| **application_works_without_cas** | if the application needs the cas or not | true |
 | **assertion\_manager\_url** | URL to the assertion manager used | https://gazelle.ihe.net/AssertionManagerGui |
 | **attachement\_files\_directory** | file directory on the server, where documnent uploaded and downloaded will be saved | /opt/XDStarClient/attachments/ |
 | **avoid\_nist\_validation\_ihe** | set to false when validation using the nist validator is performed | true |
 | **birthdate** | used for initialization for XCPD request | 19501201 |
 | **Cache-Control** | security parameter | private, no-cache, no-store, must-revalidate, max-age=0 |
-| **cas\_url** | link to the SSO cas | https://gazelle.ihe.net/cas |
 | **cda\_mbv\_wsdl** | link to the CDA MBV tool ws | https://gazelle.ihe.net/CDAGenerator-CDAGenerator-ejb/CDAValidatorWS?wsdl |
 | **cda\_mbv\_xslt** | link to the stylesheet to render the result of validation of a CDA document | https://gazelle.ihe.net/xsl/mbcdaDetailedResult.xsl |
 | **cda\_xsl\_path** | link to the stylesheet to render a cda document | cda.xsl |
@@ -236,8 +234,6 @@ If the deployment and the database initialization are successful you should see
 | **homeCommunityID** | used by the XSD.b requests | 1.3.6.1.4.1.12559.11.13.2.3 |
 | **home\_root\_oid** | used by the XSD.b requests | 1.3.6.1.4.1.12559.11.13.2.4 |
 | **ihe\_source\_root\_oid** | used by the XSD.b requests | 1.3.6.1.4.1.12559.11.13.2.5 |
-| **ip\_login** | used to confirm if the connexion is done using a cas or an ip authentification | true |
-| **ip\_login\_admin** | list of accepted ip address | .\* |
 | **key\_alias** | the alias of the keystore used for ssh connexion with responders | tomcat |
 | **key\_pass** | password of the key | password |
 | **keystore\_pass** | password of the keystore | password |
@@ -270,3 +266,15 @@ If the deployment and the database initialization are successful you should see
 | **X-Frame-Options** | security parameter | SAMEORIGIN |
 | **X-WebKit-CSP** | security parameter | Use X-Content-Security-Policy values |
 | **X-WebKit-CSP-Report-Only** | security parameter | Use X-Content-Security-Policy-Report-Only values |
+
+## SSO Configuration
+
+There are additional preferences to configure the SSO authentication.
+
+| Preference name | Description | Example of value |
+| ---------------- | ---------------------------------------------------------------------- | ---------------- |
+| **cas_enabled** | Enable or disable the CAS authentication. | true |
+| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false |
+| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* |
+
+For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md).
\ No newline at end of file
diff --git a/XDW-Simulator/installation.md b/XDW-Simulator/installation.md
index 956763f..bd5e78d 100755
--- a/XDW-Simulator/installation.md
+++ b/XDW-Simulator/installation.md
@@ -184,7 +184,6 @@ Use the Administration menu, you will find a sub-menu entitied "Configure applic
 | application\_issue\_tracker\_url | URL of the helpdesk or project for XDW Simulator in your bug tracker tool | [*Link to JIRA*](https://gazelle.ihe.net/jira/browse/XDW)|
 | application\_release\_note\_url | URL to the release note in JIRA (or elsewhere) | [*Link to JIRA*](https://gazelle.ihe.net/jira/browse/XDW)|
 | application\_url | The URL used by any user to access the tool. The application needs it to build permanent links inside the tool| https://publicUrlOfJboss/XDWSimulator |
-| application\_works\_without\_cas | Tells the application how users are authenticated | True: all users are granted as admin<br>False: uses a CAS service to authenticate users|
 | contact\_email | The email address of the person to be contacted by the user in case help is needed | - |
 | contact\_name | The name of the person to be contacted by the user in case help is needed | - |
 | contact\_title | The title of the person to be contacted by the user in case help is needed | - |
@@ -194,6 +193,18 @@ Use the Administration menu, you will find a sub-menu entitied "Configure applic | evs_url | URL to EVS Client | [*EVSClient URL*](https://gazelle.ihe.net/EVSClient)| | xdw_xslt_viewer | Location of the XSL file used to display the XDW files | [*XSL URL*] https://gazelle.ihe.net/xsl/XDW.xsl | +### SSO Configuration + +There are additional preferences to configure the SSO authentication. + +| Preference name | Description | Example of value | +| ---------------- | ---------------------------------------------------------------------- | ---------------- | +| **cas_enabled** | Enable or disable the CAS authentication. | true | +| **ip_login** | Enable authentication by IP address matching `ip_login_admin` regex. | false | +| **ip_login_admin** | Regex to authorize ip authentication if CAS authentication is disabled. | .* | + +For more documentation about SSO configurations, follow the link [here](https://gitlab.inria.fr/gazelle/public/framework/sso-client-v7/-/blob/master/cas-client-v7/README.md). + ### Home page The first time you access the application, you may notice that the home page of the tool is not configured. To set a title and a welcome message, log into the application with admin rights. -- GitLab