[ci skip] Autodoc commit for a2cfdeb792957f7ef7ffe9129164c83814ab9faa.

latest/_sources/authentication/shibboleth.rst.txt

@@ -47,12 +47,12 @@ such:
    logout_redirect: /Shibboleth.sso/Logout?return=https%3A%2F%2Fidp.my-center.edu%2Fidp%2Fprofile%2FLogout
 
    # Capture system user name from authenticated user name
-   user_map_cmd: "/opt/ood/ood_auth_map/bin/ood_auth_map.regex --regex='^(\\w+)@my-center.edu'"
+   user_map_match: '([^@]+)@my-center.edu'
 
 
 In the example above:
 
-- The ``user_map_cmd`` uses regular expressions to map the authenticated user
+- The ``user_map_match`` uses regular expressions to map the authenticated user
   ``[email protected]`` to their system user name ``bob``.
 - The ``RequestHeader`` settings are used to strip private session information
   from being sent to the backend web servers.

latest/_sources/customizations.rst.txt

@@ -7,6 +7,37 @@ Customizations
   Check out the :ref:`pun-environment` for an overview of how environment variables can be
   added.
 
+.. _disabling_applications:
+
+Disabling applications
+----------------------
+
+OnDemand is comprised of a few components. Each of which you can disable or limit
+access by simply changing the file permissions of the application.
+
+All the applications OnDemand installs are located in `/var/www/ood/apps/sys`.
+So, for example, if you wished to disable the file browser you would simply
+change it's directory to 700 so it's unreadable by regular users.
+
+When this directory is unreadable by regular users, the functionality
+it provides will be disabeled.
+
+.. code-block:: sh
+
+  sudo chmod 700 /var/www/ood/apps/sys/files
+
+Alternatively, if you wished to limit acess you can do so through group
+permissions. For example, if you wanted to limit access to the file browser
+to only memebers in the Unix group ``staff``, you would simply apply the
+applicable file permission such that anonymous users cannot access the
+directory while members of the ``staff`` Unix group can.
+
+.. code-block:: sh
+
+  sudo chmod 750 /var/www/ood/apps/sys/files
+  sudo chown root:staff /var/www/ood/apps/sys/files
+
+
 Announcements
 -------------
 

latest/_sources/reference/files/ood-portal-yml.rst.txt

@@ -73,7 +73,8 @@ Configure General Options
 
         .. code-block:: yaml
 
-          servername: "class.my-cool-site.example.edu"
+          server_aliases: 
+             - "class.my-cool-site.example.edu"
 
 .. describe:: proxy_server (String, null)
 
@@ -1262,4 +1263,4 @@ to ``null`` will disable this feature.
           dex: false
 
 .. _auth_openidc.conf: https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf
-.. _documentation on lua patterns: https://www.lua.org/manual/5.1/manual.html#5.4.1
+.. _documentation on lua patterns: https://www.lua.org/manual/5.1/manual.html#5.4.1

latest/_sources/security.rst.txt

@@ -7,6 +7,9 @@ Introduction
 ------------
 This document details the security framework for Open OnDemand, providing essential information that administrators need to know for secure deployment and operation.
 
+.. note::
+  If you're here to report a vulerability, you may refer to :ref:`vulnerability-management`.
+
 Considerations
 --------------
 This section outlines key security advantages and areas for vigilance within the Open OnDemand environment.
@@ -32,14 +35,8 @@ that some centers may want to change or disable altogether.
 - **File Access**: OnDemand lets users navigate the file system. While file permissions
   limit what a user can view and navigate to, some centers may want to limit this even further.
   One option is to :ref:`set-file-allowlist` to limit what directories users may navigate to.
-
-
-Additional Information
-----------------------
-
-- **Vulnerability Management**: Active management of security weaknesses includes regular updates and patches. Detailed processes and current security advisories are available at :ref:`vulnerability-management`.
-
-- **Security Audits**: The platform undergoes periodic security audits by Trusted CI, the NSF Cybersecurity Center of Excellence. Summaries of these audits are available, with the latest report accessible `here <https://openondemand.org/sites/default/files/documents/Trusted%20CI%20Open%20OnDemand%20Engagement%20Final%20Report%20-%20REDACTED%20FOR%20PUBLIC%20RELEASE%20210712_0.pdf>`_.
+  Additionally, you may want to disable or limit access to the application. You can do this
+  through :ref:`disabling_applications`.
 
 Conclusion
 ----------

latest/authentication/overview.html

@@ -129,7 +129,6 @@
 <li class="toctree-l1 current"><a class="reference internal" href="../security.html">Security</a><ul class="current">
 <li class="toctree-l2"><a class="reference internal" href="../security.html#introduction">Introduction</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../security.html#considerations">Considerations</a></li>
-<li class="toctree-l2"><a class="reference internal" href="../security.html#additional-information">Additional Information</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../security.html#conclusion">Conclusion</a></li>
 <li class="toctree-l2 current"><a class="reference internal" href="../security.html#relevant-references">Relevant References</a><ul class="current">
 <li class="toctree-l3"><a class="reference internal" href="../security/vulnerability-management.html">Vulnerability Management</a></li>

latest/authentication/overview/configure-authentication.html

@@ -129,7 +129,6 @@
 <li class="toctree-l1 current"><a class="reference internal" href="../../security.html">Security</a><ul class="current">
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#introduction">Introduction</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#considerations">Considerations</a></li>
-<li class="toctree-l2"><a class="reference internal" href="../../security.html#additional-information">Additional Information</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#conclusion">Conclusion</a></li>
 <li class="toctree-l2 current"><a class="reference internal" href="../../security.html#relevant-references">Relevant References</a><ul class="current">
 <li class="toctree-l3"><a class="reference internal" href="../../security/vulnerability-management.html">Vulnerability Management</a></li>

latest/authentication/overview/configure-logout.html

@@ -129,7 +129,6 @@
 <li class="toctree-l1 current"><a class="reference internal" href="../../security.html">Security</a><ul class="current">
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#introduction">Introduction</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#considerations">Considerations</a></li>
-<li class="toctree-l2"><a class="reference internal" href="../../security.html#additional-information">Additional Information</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#conclusion">Conclusion</a></li>
 <li class="toctree-l2 current"><a class="reference internal" href="../../security.html#relevant-references">Relevant References</a><ul class="current">
 <li class="toctree-l3"><a class="reference internal" href="../../security/vulnerability-management.html">Vulnerability Management</a></li>

latest/authentication/overview/map-user.html

@@ -129,7 +129,6 @@
 <li class="toctree-l1 current"><a class="reference internal" href="../../security.html">Security</a><ul class="current">
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#introduction">Introduction</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#considerations">Considerations</a></li>
-<li class="toctree-l2"><a class="reference internal" href="../../security.html#additional-information">Additional Information</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#conclusion">Conclusion</a></li>
 <li class="toctree-l2 current"><a class="reference internal" href="../../security.html#relevant-references">Relevant References</a><ul class="current">
 <li class="toctree-l3"><a class="reference internal" href="../../security/vulnerability-management.html">Vulnerability Management</a></li>

latest/authentication/shibboleth.html

@@ -261,12 +261,12 @@
 <span class="nt">logout_redirect</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/Shibboleth.sso/Logout?return=https%3A%2F%2Fidp.my-center.edu%2Fidp%2Fprofile%2FLogout</span><span class="w"></span>
 
 <span class="c1"># Capture system user name from authenticated user name</span><span class="w"></span>
-<span class="nt">user_map_cmd</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/opt/ood/ood_auth_map/bin/ood_auth_map.regex</span><span class="nv"> </span><span class="s">--regex=&#39;^(\\w+)@my-center.edu&#39;&quot;</span><span class="w"></span>
+<span class="nt">user_map_match</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;([^@]+)@my-center.edu&#39;</span><span class="w"></span>
 </pre></div>
 </div>
 <p>In the example above:</p>
 <ul class="simple">
-<li><p>The <code class="docutils literal notranslate"><span class="pre">user_map_cmd</span></code> uses regular expressions to map the authenticated user
+<li><p>The <code class="docutils literal notranslate"><span class="pre">user_map_match</span></code> uses regular expressions to map the authenticated user
 <code class="docutils literal notranslate"><span class="pre">bob&#64;my-center.edu</span></code> to their system user name <code class="docutils literal notranslate"><span class="pre">bob</span></code>.</p></li>
 <li><p>The <code class="docutils literal notranslate"><span class="pre">RequestHeader</span></code> settings are used to strip private session information
 from being sent to the backend web servers.</p></li>