update documentation

This commit is contained in:
anhefti 2021-07-27 11:20:03 +02:00
parent cb6a3c5c08
commit 4625e408e2
10 changed files with 116 additions and 2 deletions

66
docs/certifications.rst Normal file
View file

@ -0,0 +1,66 @@
.. _certifications-label:
Certifications
====================
Overview
--------
To be bale to upload and store certificates within SEB Server is a new feature since SEB Server version 1.2. This allows an institutional administrator
or an exam administrator to upload and store certificates for further use within SEB Server.
.. note::
Certificates uploaded to SEB Server are stored in a secured certificate-store that is stored within the data base rather then a
usual file. The certificated store is password secured and only the binary data of the certificate store is places into the
databease for securty reasons.
Once a certificate has been uploaded to SEB Server it can be used for various other features of SEB Server where a certificate is needed.
One feature that also comes with the SEB Server version 1.2 is the ability to encrypt a connection configuration with a certificate
that has the right purpose (Identity) to do so. If you need this feature already, please have a look at: :ref:`connection-configuration-label`
Other planed features are the import of certificate encrypted exam configurations as well as to embed certificates within a exam configuration
to allow certificate pinning between SEB and LMS.
There is currently certificate upload support for two version of certificates:
**PEM**
This are usually non password protected certificates in different file-formats. SEB Server currently supports the following PEM file-formats:
- .pem
- .crt
- .cer
**PKCS12**
This are usually password protected certificates in different file-formats. SEB Server currently supports the following PKCS12 file-formats:
- .p12
- .pfx
.. image:: images/certificates/cert_list.png
:align: center
:target: https://raw.githubusercontent.com/SafeExamBrowser/seb-server/master/docs/images/certificates/cert_list.png
Use Cases
---------
**Upload a certificate**
- To upload and store a certificate of supported file type, please open the "SEB Configuration" section and select the "Certificates" page
- You will see the list of known certificates from the SEB Server like in the picture above.
- Choose "Import Certificate" from the right action pane and the upload dialog will open.
- Within the upload dialog, select the certificate file on your local machine that you want to upload.
- If the certificate is password protected, you will need to give the password to upload the certificate.
- Chlick on "OK" to start the import.
- If the import is successful the imported certificate will show up in the list. Otherwise SEB Server will display an error message with the reason of failure.
**Remove / delete a certificate**
- To permanently delete a stored certificate on SEB Server, please open the "SEB Configuration" section and select the "Certificates" page
- You will see the list of known certificates from the SEB Server like in the picture above.
- Please select the certificate you want to remove.
- Choose "Remove Selected Certificates" from the right action pane and a configuration dialog will appear.
- If you are sure to delete the selected certificate(s), click on "OK" to delete.
- The deleted certificates disappear form the certificates list.

View file

@ -19,10 +19,15 @@ with context defines default values and also to be able to only see change the a
This feature is currently in an experimental state and may be changed and / or expanded within future releases of SEB Server. See This feature is currently in an experimental state and may be changed and / or expanded within future releases of SEB Server. See
:ref:`config-template-label` :ref:`config-template-label`
An new feature since SEB Server version 1.2 is the integrated certificate store where an administator is able to upload and register
certificates. The certificates can then be used to encrypt and secure a connection configuration for example. Or as planed for another
SEB Server release, to embed into an exam configuration for SEB to allow certificate pinning on SEB - LMS communication.
.. toctree:: .. toctree::
:maxdepth: 1 :maxdepth: 1
connection_config connection_config
exam_config exam_config
config_template config_template
certifications

View file

@ -55,6 +55,7 @@ Short description of all attributes of a connection configuration:
**Starting an Exam**; Will cause SEB to use this connection configuration settings on startup but won't change local SEB settings. **Starting an Exam**; Will cause SEB to use this connection configuration settings on startup but won't change local SEB settings.
**Configuring a connection**; Will cause SEB to use this connection configuration settings and also save it as local SEB settings. **Configuring a connection**; Will cause SEB to use this connection configuration settings and also save it as local SEB settings.
- **Configuration Password**: Used to encrypt the connection configuration with a password. A SEB client will prompt this password while loading a password protected connection configuration. - **Configuration Password**: Used to encrypt the connection configuration with a password. A SEB client will prompt this password while loading a password protected connection configuration.
- **Encrypt with Certificate**: Since version 1.2. Used to encrypt the connection configuration with a certificate. The same certificate must be known by a SEB client to be able to load the configuration.
- **With Fallback**: Select this to see and define a fallback strategy for SEB clients using this connection configuration in case of SEB Server service unavailability. - **With Fallback**: Select this to see and define a fallback strategy for SEB clients using this connection configuration in case of SEB Server service unavailability.
- **Fallback URL**: Defines a start URL that is loaded by the SEB client in a fallback case. - **Fallback URL**: Defines a start URL that is loaded by the SEB client in a fallback case.
- **Connection Attempts**: Defines the number of attempts a SEB client will try to unsuccessfully connect to the SEB Server service until it switches to the fallback case. - **Connection Attempts**: Defines the number of attempts a SEB client will try to unsuccessfully connect to the SEB Server service until it switches to the fallback case.
@ -89,7 +90,7 @@ configuration settings in the following ways:
- Connection configuration with "Starting an Exam" setting and fallback strategy: - Connection configuration with "Starting an Exam" setting and fallback strategy:
Show warning with options "retry", "fallback" (load Fallback URL) and "quit". Show warning with options "retry", "fallback" (load Fallback URL) and "quit".
Use Cases Use Cases
--------- ---------
@ -135,3 +136,21 @@ that connects with this connection configuration will then receive an HTTP 401 U
- Now use the "Deactivate Connection Configuration" action from the right action pane to deactivate the connection configuration. - Now use the "Deactivate Connection Configuration" action from the right action pane to deactivate the connection configuration.
- The connection configuration is now deactivated and SEB client using this connection configuration are not able to connect to SEB Server anymore. - The connection configuration is now deactivated and SEB client using this connection configuration are not able to connect to SEB Server anymore.
**Encrypt the Connection Configuration by password or certificate**
To secure the used connection configuration you want to encrypt it with either password or certificate encryption. If you encrypt a connection
configuration by password, SEB will promt the user for the password while loading the configuration whereas by using certificate encryption,
a SEB client must know the same certificate that is been used for encryption while loading the configuration.
- Sign in as an Institutional Administrator and select the "Connection Configuration" sub-menu of the "SEB Configuration" main-menu on the left.
- Create an new connection configuration or use the list filter and / or the list navigation to find the needed connection configuration.
- Fill in the settings as usual and for password encryption define a password in the "Configuration Password" field and confirm the password in the "Confirm Password" field.
- For a certificate based encryption select one of the given certificates within the "Encrypt with Certificate" setting.
- To upload new certificates that can be used for encryption, please refer to: :ref:`certifications-label`
- "Use asymmetric only encryption" if you have use SEB Clients with version before 2.2. For more details on this subject please see: `SEB Configuration <https://www.safeexambrowser.org/windows/win_usermanual_en.html#configuration>`_
- Save and activate the connection configuration. The connection configuration will then be encrypted by either password or certificate on export.
.. image:: images/connection_config/encrypt.png
:align: center
:target: https://raw.githubusercontent.com/SafeExamBrowser/seb-server/master/docs/images/connection_config/encrypt.png

File diff suppressed because one or more lines are too long

Binary file not shown.

After

Width:  |  Height:  |  Size: 44 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 50 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 42 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 71 KiB

After

Width:  |  Height:  |  Size: 94 KiB

View file

@ -206,6 +206,20 @@ Once the client registration was successful the client id and client secret can
To be able to create an LMS Setup for Moodle you need a Moodle administrator or manager account. You can then use this account in the LMS Setup to connect the the LMS. To be able to create an LMS Setup for Moodle you need a Moodle administrator or manager account. You can then use this account in the LMS Setup to connect the the LMS.
Since SEB Server uses some functions from the Moodles mobile API, you have to make sure the web services for mobile apps are enabled within your Moodle setup.
To do so please login to Moodel with an administrator account and go to "Side Administration", scroll down to "Mobile App" and choose "Mobile Settings.
.. image:: images/lmssetup/moodle_mobile.png
:align: center
:target: https://raw.githubusercontent.com/SafeExamBrowser/seb-server/documentation/docs/images/lmssetup/moodle_mobile.png
If you have a restrictive Moodle setup and troubles with the Moodle API account to use with SEB Server, please try to import the following
Moodle role profile within youe Moodle instance. This profile will create a SEB Server role within Moodle that can be used to apply to an
API account to be used with SEB Server. The role defines only the necessary privileges and functions needed for SEB Server communication.
Moodle role and account settings: :download:`XML <files/webservice_seb-server.xml>`
.. _lms-setup-rest-plugin-label: .. _lms-setup-rest-plugin-label:

View file

@ -144,4 +144,12 @@ action form the right action pane to open up a pop-up containing all related inf
Currently there is no export functionality to export all interessting SEB client logs to a CSV table for example. But such a feature will probably come Currently there is no export functionality to export all interessting SEB client logs to a CSV table for example. But such a feature will probably come
with a next version of SEB Server. with a next version of SEB Server.
**Delete filtered client logs**
To delete all currently filtered client logs, please use the "Delete Logs" action form the right action pane.
.. note::
On deletion, all available logs will permanantly be deleted from the persistent storage. So please make sure you want to delete all
logs that are currently displayed in the list before deleting.