update documentation
This commit is contained in:
parent
cb6a3c5c08
commit
4625e408e2
10 changed files with 116 additions and 2 deletions
66
docs/certifications.rst
Normal file
66
docs/certifications.rst
Normal file
|
@ -0,0 +1,66 @@
|
||||||
|
.. _certifications-label:
|
||||||
|
|
||||||
|
Certifications
|
||||||
|
====================
|
||||||
|
|
||||||
|
Overview
|
||||||
|
--------
|
||||||
|
|
||||||
|
To be bale to upload and store certificates within SEB Server is a new feature since SEB Server version 1.2. This allows an institutional administrator
|
||||||
|
or an exam administrator to upload and store certificates for further use within SEB Server.
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
Certificates uploaded to SEB Server are stored in a secured certificate-store that is stored within the data base rather then a
|
||||||
|
usual file. The certificated store is password secured and only the binary data of the certificate store is places into the
|
||||||
|
databease for securty reasons.
|
||||||
|
|
||||||
|
Once a certificate has been uploaded to SEB Server it can be used for various other features of SEB Server where a certificate is needed.
|
||||||
|
One feature that also comes with the SEB Server version 1.2 is the ability to encrypt a connection configuration with a certificate
|
||||||
|
that has the right purpose (Identity) to do so. If you need this feature already, please have a look at: :ref:`connection-configuration-label`
|
||||||
|
Other planed features are the import of certificate encrypted exam configurations as well as to embed certificates within a exam configuration
|
||||||
|
to allow certificate pinning between SEB and LMS.
|
||||||
|
|
||||||
|
There is currently certificate upload support for two version of certificates:
|
||||||
|
|
||||||
|
**PEM**
|
||||||
|
|
||||||
|
This are usually non password protected certificates in different file-formats. SEB Server currently supports the following PEM file-formats:
|
||||||
|
|
||||||
|
- .pem
|
||||||
|
- .crt
|
||||||
|
- .cer
|
||||||
|
|
||||||
|
**PKCS12**
|
||||||
|
|
||||||
|
This are usually password protected certificates in different file-formats. SEB Server currently supports the following PKCS12 file-formats:
|
||||||
|
|
||||||
|
- .p12
|
||||||
|
- .pfx
|
||||||
|
|
||||||
|
.. image:: images/certificates/cert_list.png
|
||||||
|
:align: center
|
||||||
|
:target: https://raw.githubusercontent.com/SafeExamBrowser/seb-server/master/docs/images/certificates/cert_list.png
|
||||||
|
|
||||||
|
|
||||||
|
Use Cases
|
||||||
|
---------
|
||||||
|
|
||||||
|
**Upload a certificate**
|
||||||
|
|
||||||
|
- To upload and store a certificate of supported file type, please open the "SEB Configuration" section and select the "Certificates" page
|
||||||
|
- You will see the list of known certificates from the SEB Server like in the picture above.
|
||||||
|
- Choose "Import Certificate" from the right action pane and the upload dialog will open.
|
||||||
|
- Within the upload dialog, select the certificate file on your local machine that you want to upload.
|
||||||
|
- If the certificate is password protected, you will need to give the password to upload the certificate.
|
||||||
|
- Chlick on "OK" to start the import.
|
||||||
|
- If the import is successful the imported certificate will show up in the list. Otherwise SEB Server will display an error message with the reason of failure.
|
||||||
|
|
||||||
|
**Remove / delete a certificate**
|
||||||
|
|
||||||
|
- To permanently delete a stored certificate on SEB Server, please open the "SEB Configuration" section and select the "Certificates" page
|
||||||
|
- You will see the list of known certificates from the SEB Server like in the picture above.
|
||||||
|
- Please select the certificate you want to remove.
|
||||||
|
- Choose "Remove Selected Certificates" from the right action pane and a configuration dialog will appear.
|
||||||
|
- If you are sure to delete the selected certificate(s), click on "OK" to delete.
|
||||||
|
- The deleted certificates disappear form the certificates list.
|
||||||
|
|
|
@ -19,10 +19,15 @@ with context defines default values and also to be able to only see change the a
|
||||||
This feature is currently in an experimental state and may be changed and / or expanded within future releases of SEB Server. See
|
This feature is currently in an experimental state and may be changed and / or expanded within future releases of SEB Server. See
|
||||||
:ref:`config-template-label`
|
:ref:`config-template-label`
|
||||||
|
|
||||||
|
An new feature since SEB Server version 1.2 is the integrated certificate store where an administator is able to upload and register
|
||||||
|
certificates. The certificates can then be used to encrypt and secure a connection configuration for example. Or as planed for another
|
||||||
|
SEB Server release, to embed into an exam configuration for SEB to allow certificate pinning on SEB - LMS communication.
|
||||||
|
|
||||||
|
|
||||||
.. toctree::
|
.. toctree::
|
||||||
:maxdepth: 1
|
:maxdepth: 1
|
||||||
|
|
||||||
connection_config
|
connection_config
|
||||||
exam_config
|
exam_config
|
||||||
config_template
|
config_template
|
||||||
|
certifications
|
|
@ -55,6 +55,7 @@ Short description of all attributes of a connection configuration:
|
||||||
**Starting an Exam**; Will cause SEB to use this connection configuration settings on startup but won't change local SEB settings.
|
**Starting an Exam**; Will cause SEB to use this connection configuration settings on startup but won't change local SEB settings.
|
||||||
**Configuring a connection**; Will cause SEB to use this connection configuration settings and also save it as local SEB settings.
|
**Configuring a connection**; Will cause SEB to use this connection configuration settings and also save it as local SEB settings.
|
||||||
- **Configuration Password**: Used to encrypt the connection configuration with a password. A SEB client will prompt this password while loading a password protected connection configuration.
|
- **Configuration Password**: Used to encrypt the connection configuration with a password. A SEB client will prompt this password while loading a password protected connection configuration.
|
||||||
|
- **Encrypt with Certificate**: Since version 1.2. Used to encrypt the connection configuration with a certificate. The same certificate must be known by a SEB client to be able to load the configuration.
|
||||||
- **With Fallback**: Select this to see and define a fallback strategy for SEB clients using this connection configuration in case of SEB Server service unavailability.
|
- **With Fallback**: Select this to see and define a fallback strategy for SEB clients using this connection configuration in case of SEB Server service unavailability.
|
||||||
- **Fallback URL**: Defines a start URL that is loaded by the SEB client in a fallback case.
|
- **Fallback URL**: Defines a start URL that is loaded by the SEB client in a fallback case.
|
||||||
- **Connection Attempts**: Defines the number of attempts a SEB client will try to unsuccessfully connect to the SEB Server service until it switches to the fallback case.
|
- **Connection Attempts**: Defines the number of attempts a SEB client will try to unsuccessfully connect to the SEB Server service until it switches to the fallback case.
|
||||||
|
@ -89,7 +90,7 @@ configuration settings in the following ways:
|
||||||
|
|
||||||
- Connection configuration with "Starting an Exam" setting and fallback strategy:
|
- Connection configuration with "Starting an Exam" setting and fallback strategy:
|
||||||
Show warning with options "retry", "fallback" (load Fallback URL) and "quit".
|
Show warning with options "retry", "fallback" (load Fallback URL) and "quit".
|
||||||
|
|
||||||
|
|
||||||
Use Cases
|
Use Cases
|
||||||
---------
|
---------
|
||||||
|
@ -135,3 +136,21 @@ that connects with this connection configuration will then receive an HTTP 401 U
|
||||||
- Now use the "Deactivate Connection Configuration" action from the right action pane to deactivate the connection configuration.
|
- Now use the "Deactivate Connection Configuration" action from the right action pane to deactivate the connection configuration.
|
||||||
- The connection configuration is now deactivated and SEB client using this connection configuration are not able to connect to SEB Server anymore.
|
- The connection configuration is now deactivated and SEB client using this connection configuration are not able to connect to SEB Server anymore.
|
||||||
|
|
||||||
|
**Encrypt the Connection Configuration by password or certificate**
|
||||||
|
|
||||||
|
To secure the used connection configuration you want to encrypt it with either password or certificate encryption. If you encrypt a connection
|
||||||
|
configuration by password, SEB will promt the user for the password while loading the configuration whereas by using certificate encryption,
|
||||||
|
a SEB client must know the same certificate that is been used for encryption while loading the configuration.
|
||||||
|
|
||||||
|
- Sign in as an Institutional Administrator and select the "Connection Configuration" sub-menu of the "SEB Configuration" main-menu on the left.
|
||||||
|
- Create an new connection configuration or use the list filter and / or the list navigation to find the needed connection configuration.
|
||||||
|
- Fill in the settings as usual and for password encryption define a password in the "Configuration Password" field and confirm the password in the "Confirm Password" field.
|
||||||
|
- For a certificate based encryption select one of the given certificates within the "Encrypt with Certificate" setting.
|
||||||
|
- To upload new certificates that can be used for encryption, please refer to: :ref:`certifications-label`
|
||||||
|
- "Use asymmetric only encryption" if you have use SEB Clients with version before 2.2. For more details on this subject please see: `SEB Configuration <https://www.safeexambrowser.org/windows/win_usermanual_en.html#configuration>`_
|
||||||
|
- Save and activate the connection configuration. The connection configuration will then be encrypted by either password or certificate on export.
|
||||||
|
|
||||||
|
.. image:: images/connection_config/encrypt.png
|
||||||
|
:align: center
|
||||||
|
:target: https://raw.githubusercontent.com/SafeExamBrowser/seb-server/master/docs/images/connection_config/encrypt.png
|
||||||
|
|
||||||
|
|
2
docs/files/webservice_seb-server.xml
Normal file
2
docs/files/webservice_seb-server.xml
Normal file
File diff suppressed because one or more lines are too long
BIN
docs/images/certificates/cert_list.png
Normal file
BIN
docs/images/certificates/cert_list.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 44 KiB |
BIN
docs/images/connection_config/encrypt.png
Normal file
BIN
docs/images/connection_config/encrypt.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 50 KiB |
BIN
docs/images/lmssetup/moodle_mobile.png
Normal file
BIN
docs/images/lmssetup/moodle_mobile.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 42 KiB |
Binary file not shown.
Before Width: | Height: | Size: 71 KiB After Width: | Height: | Size: 94 KiB |
|
@ -206,6 +206,20 @@ Once the client registration was successful the client id and client secret can
|
||||||
|
|
||||||
To be able to create an LMS Setup for Moodle you need a Moodle administrator or manager account. You can then use this account in the LMS Setup to connect the the LMS.
|
To be able to create an LMS Setup for Moodle you need a Moodle administrator or manager account. You can then use this account in the LMS Setup to connect the the LMS.
|
||||||
|
|
||||||
|
Since SEB Server uses some functions from the Moodles mobile API, you have to make sure the web services for mobile apps are enabled within your Moodle setup.
|
||||||
|
To do so please login to Moodel with an administrator account and go to "Side Administration", scroll down to "Mobile App" and choose "Mobile Settings.
|
||||||
|
|
||||||
|
.. image:: images/lmssetup/moodle_mobile.png
|
||||||
|
:align: center
|
||||||
|
:target: https://raw.githubusercontent.com/SafeExamBrowser/seb-server/documentation/docs/images/lmssetup/moodle_mobile.png
|
||||||
|
|
||||||
|
If you have a restrictive Moodle setup and troubles with the Moodle API account to use with SEB Server, please try to import the following
|
||||||
|
Moodle role profile within youe Moodle instance. This profile will create a SEB Server role within Moodle that can be used to apply to an
|
||||||
|
API account to be used with SEB Server. The role defines only the necessary privileges and functions needed for SEB Server communication.
|
||||||
|
|
||||||
|
Moodle role and account settings: :download:`XML <files/webservice_seb-server.xml>`
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
.. _lms-setup-rest-plugin-label:
|
.. _lms-setup-rest-plugin-label:
|
||||||
|
|
||||||
|
|
|
@ -144,4 +144,12 @@ action form the right action pane to open up a pop-up containing all related inf
|
||||||
|
|
||||||
Currently there is no export functionality to export all interessting SEB client logs to a CSV table for example. But such a feature will probably come
|
Currently there is no export functionality to export all interessting SEB client logs to a CSV table for example. But such a feature will probably come
|
||||||
with a next version of SEB Server.
|
with a next version of SEB Server.
|
||||||
|
|
||||||
|
**Delete filtered client logs**
|
||||||
|
|
||||||
|
To delete all currently filtered client logs, please use the "Delete Logs" action form the right action pane.
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
On deletion, all available logs will permanantly be deleted from the persistent storage. So please make sure you want to delete all
|
||||||
|
logs that are currently displayed in the list before deleting.
|
||||||
|
|
Loading…
Reference in a new issue