aboutsummaryrefslogtreecommitdiff
path: root/docs/intranet/auth.rst
blob: 20be2b27dcaa771e5ad829183ef54a461607e846 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
Authentication
==============

The intranet provides authentication for itself through a login page, and
other services as a central authentication service.

Once the registration process for a person in charge is complete, this person
will receive an e-mail from `adherents@sgdf.fr <mailto:adherents@sgdf.fr>`_
with their adherent code, which serves as a login name, and a default
password (:download:`sample <auth-mailids.png>`).

The code can be retrieved using the first name, common name and birth date
of an adherent, which will send a mail to the person containing their
adherent code, without resetting their password
(:download:`sample <auth-mailids3.png>`).

The password can be changed using the adherent code, in case it has been
forgotten; this will result in an instant password reset and a sent mail
containing the new password (:download:`sample <auth-mailids3.png>`).

These credentials can be used for the intranet and the approved external
services using it to authenticate and identify users.

Logging in (internal)
---------------------

Authentification goes through the ``/Default.aspx`` page as a normal form.
The following arguments are taken:

``ctl00$MainContent$login``
	The login name, i.e. the adherent code.

``ctl00$MainContent$password``
	The password.

If the credentials are valid, the user is redirected to ``/Accueil.aspx``,
otherwise the same page is loaded with a warning, amongst:

``Identifiant invalide``
	The identifier is invalid.

``Mot de passe invalide``
	The password is invalid.

``Le compte associé à l'identifiant 'XXXXXXXXX' ne donne pas le droit d'utiliser cette application``
	The given identifier isn't allowed to login (e.g. ``160000000``).

Requiring a new password
------------------------

To ask for a new password, one shall use the form on
``/securite/OubliMotDePasse.aspx`` while sending the following arguments:

``ctl00$MainContent$_tbIdentifiant``
	The identifier.

If there was a problem with the request, the same page is loaded with a
``ctl00__erreur__lblErreur`` element containing the error message, amongst:

``Identifiant invalide``
	The given identifier is invalid.

``Le compte associé à l'identifiant 'XXXXXXXXX' ne donne pas le droit d'utiliser cette application``
	The given identifier isn't allowed to login (e.g. ``160000000``).

If the request has successfully been executed, the page doesn't contain a
form (``ctl00_MainContent__tableFormulaire``) nor an error message.

Logging in (external)
---------------------

Authentication can be provided to approved services through a Web Service,
`Authentification.asmx`_. Example services using this external authentication
service are:

- `<http://decouverte.sgdf.fr/>`_ (:download:`sample <auth-decouverte.png>`).
- `<https://petitions.sgdf.fr/>`_ (:download:`sample <auth-petitions.png>`).
- `<https://valorise-toi.sgdf.fr/>`_ (:download:`sample <auth-valorise.png>`).

.. _Authentification.asmx: https://intranet.sgdf.fr/Specialisation/Sgdf/WebServices/Authentification.asmx