upstream/kallithea Commit - r5751:2d89d49c

9

10

.. note::

10

.. note::

11

12

Installing Kallithea under IIS can enable Single Sign-On to the Kallithea

13

web interface from web browsers that can authenticate to the web server.

14

(As an alternative to IIS, SSO is also possible with for example Apache and

15

mod_sspi.)

16

17

Mercurial and Git do however by default not support SSO on the client side

18

and will still require some other kind of authentication.

19

(An extension like hgssoauthentication_ might solve that.)

20

21

.. note::

22

12

For the best security, it is strongly recommended to only host the site over

23

For the best security, it is strongly recommended to only host the site over

13

a secure connection, e.g. using TLS.

24

a secure connection, e.g. using TLS.

14

25

48

59

49

The ISAPI handler can be generated using::

60

The ISAPI handler can be generated using::

50

61

51

paster install-iis my.ini --root=/

62

paster install-iis my.ini --virtualdir=/

52

63

53

This will generate a ``dispatch.py`` file in the current directory that contains

64

This will generate a ``dispatch.py`` file in the current directory that contains

54

the necessary components to finalize an installation into IIS. Once this file

65

the necessary components to finalize an installation into IIS. Once this file

59

70

60

This accomplishes two things: generating an ISAPI compliant DLL file,

71

This accomplishes two things: generating an ISAPI compliant DLL file,

61

``_dispatch.dll``, and installing a script map handler into IIS for the

72

``_dispatch.dll``, and installing a script map handler into IIS for the

62

``--root`` specified above pointing to ``_dispatch.dll``.

73

``--virtualdir`` specified above pointing to ``_dispatch.dll``.

63

74

64

The ISAPI handler is registered to all file extensions, so it will automatically

75

The ISAPI handler is registered to all file extensions, so it will automatically

65

be the one handling all requests to the specified ~~root~~. When the website starts

76

be the one handling all requests to the specified virtual directory. When the website starts

66

the ISAPI handler, it will start a thread pool managed wrapper around the paster

77

the ISAPI handler, it will start a thread pool managed wrapper around the paster

67

middleware WSGI handler that Kallithea runs within and each HTTP request to the

78

middleware WSGI handler that Kallithea runs within and each HTTP request to the

68

site will be processed through this logic henceforth.

79

site will be processed through this logic henceforth.

73

The recommended way to handle authentication with Kallithea using IIS is to let

84

The recommended way to handle authentication with Kallithea using IIS is to let

74

IIS handle all the authentication and just pass it to Kallithea.

85

IIS handle all the authentication and just pass it to Kallithea.

75

86

87

.. note::

88

89

As an alternative without SSO, you can also use LDAP authentication with

90

Active Directory, see :ref:`ldap-setup`.

91

76

To move responsibility into IIS from Kallithea, we need to configure Kallithea

92

To move responsibility into IIS from Kallithea, we need to configure Kallithea

77

to let external systems handle authentication and then let Kallithea create the

93

to let external systems handle authentication and then let Kallithea create the

78

user automatically. To do this, access the administration's authentication page

94

user automatically. To do this, access the administration's authentication page

108

and any exceptions occurring in the WSGI layer and below (i.e. in the Kallithea

124

and any exceptions occurring in the WSGI layer and below (i.e. in the Kallithea

109

application itself) that are uncaught, will be printed here complete with stack

125

application itself) that are uncaught, will be printed here complete with stack

110

traces, making it a lot easier to identify issues.

126

traces, making it a lot easier to identify issues.

127

128

129

.. _hgssoauthenticatio: https://bitbucket.org/domruf/hgssoauthentication

             If you want to rebuild the index from scratch, you can use the ``-f`` flag as above,
             or in the admin panel you can check the "build from scratch" checkbox.
+            .. _ldap-setup:
             Setting up LDAP support
             -----------------------

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             .. note::
+                Installing Kallithea under IIS can enable Single Sign-On to the Kallithea
+                web interface from web browsers that can authenticate to the web server.
+                (As an alternative to IIS, SSO is also possible with for example Apache and
+                mod_sspi.)
+                Mercurial and Git do however by default not support SSO on the client side
+                and will still require some other kind of authentication.
+                (An extension like hgssoauthentication_ might solve that.)
+            .. note::
                 For the best security, it is strongly recommended to only host the site over
                 a secure connection, e.g. using TLS.
             The ISAPI handler can be generated using::
-                paster install-iis my.ini --root=/
+                paster install-iis my.ini --virtualdir=/
             This will generate a ``dispatch.py`` file in the current directory that contains
             the necessary components to finalize an installation into IIS. Once this file
             This accomplishes two things: generating an ISAPI compliant DLL file,
             ``_dispatch.dll``, and installing a script map handler into IIS for the
-            ``--root`` specified above pointing to ``_dispatch.dll``.
+            ``--virtualdir`` specified above pointing to ``_dispatch.dll``.
             The ISAPI handler is registered to all file extensions, so it will automatically
-            be the one handling all requests to the specified root. When the website starts
+            be the one handling all requests to the specified virtual directory. When the website starts
             the ISAPI handler, it will start a thread pool managed wrapper around the paster
             middleware WSGI handler that Kallithea runs within and each HTTP request to the
             site will be processed through this logic henceforth.
             The recommended way to handle authentication with Kallithea using IIS is to let
             IIS handle all the authentication and just pass it to Kallithea.
+            .. note::
+                As an alternative without SSO, you can also use LDAP authentication with
+                Active Directory, see :ref:`ldap-setup`.
             To move responsibility into IIS from Kallithea, we need to configure Kallithea
             to let external systems handle authentication and then let Kallithea create the
             user automatically. To do this, access the administration's authentication page
             and any exceptions occurring in the WSGI layer and below (i.e. in the Kallithea
             application itself) that are uncaught, will be printed here complete with stack
             traces, making it a lot easier to identify issues.
+            .. _hgssoauthenticatio: https://bitbucket.org/domruf/hgssoauthentication