From ebb992e72526717d739b692ccf2812d720455dc5 Mon Sep 17 00:00:00 2001 From: Ketil Albertsen <ketil.albertsen@uninett.no> Date: Thu, 27 Mar 2008 16:01:05 +0000 Subject: [PATCH] Language check and correction of a number of errors. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@455 44740490-163a-0410-bde0-09ae8108e29a --- docs/source/simplesamlphp-idp.xml | 349 +++++++++++++++--------------- 1 file changed, 178 insertions(+), 171 deletions(-) diff --git a/docs/source/simplesamlphp-idp.xml b/docs/source/simplesamlphp-idp.xml index ef07d5663..915c5315a 100644 --- a/docs/source/simplesamlphp-idp.xml +++ b/docs/source/simplesamlphp-idp.xml @@ -32,16 +32,16 @@ </itemizedlist> <para>This document assumes that you already have a installation of - simpleSAMLphp. Before you continue make sure all the required entries in - the check list at the buttom is showing green light.</para> + simpleSAMLphp. Before you continue, make sure all the required entries in + the check list at the bottom is showing green light.</para> </section> <section> <title>Enabling the Identity Provider functionality</title> - <para>The SAML 2.0 SP functionality is enabled per default. Edit - <filename>config.php</filename>, and enable either the SAML 2.0 IdP or the - Shib 1.3 IdP, depending on your needs. Here is an example of SAML 2.0 IdP + <para>Edit <filename>config.php</filename>, and enable either the SAML 2.0 + IdP or the Shib 1.3 IdP, depending on your needs. By default, SAML 2.0 SP + IdP functionality is enabled. Here is an example of SAML 2.0 IdP enabled:</para> <programlisting>'enable.saml20-sp' => false, 
@@ -53,105 +53,107 @@ <section> <title>Authentication modules</title> - <para>In the <filename>www/auth</filename> directory, you see multiple - files, each representing an authentication module. In the IdP hosted - metadata configuration you specify which authentication module that should - be used for that specific IdP. You can implement your own authentication - module, see <xref linkend="sect.customauth" />.</para> + <para>In the <filename>www/auth</filename> directory, each file represents + an authentication module. The IdP hosted metadata configuration specifies + which authentication module to use for that specific IdP. You can + implement your own authentication module, see <xref + linkend="sect.customauth" />.</para> <para>These authentication modules are included:</para> - <glosslist> - <glossentry> - <glossterm>auth/login.php</glossterm> - - <glossdef> - <para>This is the standard LDAP backend authentication module, it - uses LDAP configuration from the config.php file.</para> - </glossdef> - </glossentry> - - <glossentry> - <glossterm>auth/login-ldapmulti.php</glossterm> - - <glossdef> - <para>This authentication module lets you connect to multiple LDAPS - depending on what organization the user selects in the login - form.</para> - </glossdef> - </glossentry> - - <glossentry> - <glossterm>auth/login-feide.php</glossterm> - - <glossdef> - <para>A multi-LDAP module which looks up the users in LDAP first - searching for <literal>eduPersonPrincipalName</literal>.</para> - </glossdef> - </glossentry> - - <glossentry> - <glossterm>auth/login-radius.php</glossterm> - - <glossdef> - <para>This authentication module will authenticate users against an - RADIUS server instead of LDAP.</para> - </glossdef> - </glossentry> - - <glossentry> - <glossterm>auth/login-auto.php</glossterm> - - <glossdef> - <para>This module will automatically login the user with some test - details. 
You can use this to test the IdP functionality if you do - not have</para> - - <para>This module is not completed yet. Work in progress.</para> - </glossdef> - </glossentry> - - <glossentry> - <glossterm>auth/login-cas-ldap.php</glossterm> - - <glossdef> - <para>Authentication via CAS. Then look up attributes via - LDAP.</para> - </glossdef> - </glossentry> - </glosslist> + <para><glosslist> + <glossentry> + <glossterm>auth/login.php</glossterm> + + <glossdef> + <para>This is the standard LDAP backend authentication module. It + uses LDAP configuration from the <filename>config.php</filename> + file.</para> + </glossdef> + </glossentry> + + <glossentry> + <glossterm>auth/login-ldapmulti.php</glossterm> + + <glossdef> + <para>This authentication module lets you connect to multiple + LDAPs depending on the home organization selected by the + user.</para> + </glossdef> + </glossentry> + + <glossentry> + <glossterm>auth/login-feide.php</glossterm> + + <glossdef> + <para>A multi-LDAP module which looks up the users in LDAP, first + searching for <literal>eduPersonPrincipalName</literal>.</para> + </glossdef> + </glossentry> + + <glossentry> + <glossterm>auth/login-radius.php</glossterm> + + <glossdef> + <para>This authentication module will authenticate users against + an RADIUS server instead of LDAP.</para> + </glossdef> + </glossentry> + + <glossentry> + <glossterm>auth/login-auto.php</glossterm> + + <glossdef> + <para>This module will automatically login the user with some test + details. You can use this to test the IdP functionality if you do + not have</para> + + <para>This module is not completed yet. 
Work in progress.</para> + </glossdef> + </glossentry> + + <glossentry> + <glossterm>auth/login-cas-ldap.php</glossterm> + + <glossdef> + <para>Authentication via CAS, followed by attribute lookup in + LDAP.</para> + </glossdef> + </glossentry> + </glosslist></para> <section> <title>Configuring the LDAP authentication module</title> - <para>The LDAP module is <filename>auth/login.php</filename>.</para> + <para>The LDAP module is found in + <filename>auth/login.php</filename>.</para> - <para>If you want to perform local authentication on this server, and - you want to use the LDAP authenticaiton plugin, then you need to - configure the following parameters in - <filename>config/ldap.php</filename>:</para> + <para>If you want to perform local authentication using this server, + using the LDAP authentication plugin, the following parameters should be + configured in <filename>config/ldap.php</filename>:</para> <itemizedlist> <listitem> - <para><literal>auth.ldap.dnpattern</literal>: What DN should you - bind to? Replacing %username% with the username the user types + <para><literal>auth.ldap.dnpattern</literal>: Which DN to bind to. + <literal>%username%</literal> is replaced with the user name typed in.</para> </listitem> <listitem> - <para><literal>auth.ldap.hostname</literal>: The hostname of the - LDAP server</para> + <para><literal>auth.ldap.hostname</literal>: Host name of the LDAP + server</para> </listitem> <listitem> <para><literal>auth.ldap.attributes</literal>: Search parameter to - LDAP. What attributes should be extracted? - <literal>objectclass=*</literal> gives you all.</para> + LDAP. List of attributes to be extracted. 
Set this option to + <literal>null</literal> to retrieve all attributes available.</para> </listitem> <listitem> <para><literal>auth.ldap.enable_tls</literal>: Will perform - start_tls() after creation the connectino to the LDAP server.</para> + <code>ldap_start_tls()</code> after creation the connectino to the + LDAP server.</para> </listitem> </itemizedlist> </section> @@ -159,7 +161,7 @@ <section> <title>Configuring the multi-LDAP authenticaiton module</title> - <para>The module is + <para>The module is found in <filename>auth/login-ldapmulti.php</filename>.</para> <note> @@ -172,17 +174,16 @@ <section> <title>Setting up a SSL signing certificate</title> - <para>For test purposes, you can skip this section, and use the included - certificate.</para> + <para>For test purposes, you can skip this section, and use the + certificate included in the simpleSAMLphp distribution.</para> - <para>For a production system, uou must generate a new certificate for + <para>For a production system, you must generate a new certificate for your IdP.</para> <warning> - <para>There is a certificate that follows this package that you can use - for test purposes, but off course <emphasis>NEVER</emphasis> use this in - production as the private key is also included in the package and can be - downloaded by anyone.</para> + <para>The certificate that follows the simpleSAMLphp distribution must + <emphasis>NEVER</emphasis> be used in production, as the private key is + also included in the package and can be downloaded by anyone.</para> </warning> <para>Here is an examples of openssl commands to generate a new key and a 
@@ -204,8 +205,8 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <section> <title>Configuring metadata for an SAML 2.0 IdP</title> - <para>If you want to setup a SAML 2.0 IdP you need to configure two - metadata files: <filename>saml20-idp-hosted.php</filename> and + <para>To setup a SAML 2.0 IdP you must configure two metadata files: + <filename>saml20-idp-hosted.php</filename> and <filename>saml20-sp-remote.php</filename>.</para> <section> @@ -218,18 +219,18 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt 'idp.example.org' => array( // The hostname of the server (VHOST) that this SAML entity will use. - 'host' => 'sp.example.org', + 'host' => 'sp.example.org', // X.509 key and certificate. Relative to the cert directory. - 'privatekey' => 'server.pem', - 'certificate' => 'server.crt', + 'privatekey' => 'server.pem', + 'certificate' => 'server.crt', // Authentication plugin to use. login.php is the default one that uses LDAP. - 'auth' => 'auth/login.php', + 'auth' => 'auth/login.php', 'authority' => 'login', ),</programlisting> - <para>Here are some details of each of the parameters:</para> + <para>Parameter details:</para> <section> <title>Mandatory metadata fields</title> @@ -239,8 +240,8 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>key (the key of the associative array)</glossterm> <glossdef> - <para>The entity ID of the IdP. In this example this value is - set to: <literal>idp.example.org</literal>.</para> + <para>The entity ID of the IdP. In this example: + <literal>idp.example.org</literal>.</para> </glossdef> </glossentry> @@ -248,7 +249,7 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>host</glossterm> <glossdef> - <para>The hostname of the server running this IdP.</para> + <para>Host name of the server running this IdP.</para> </glossdef> </glossentry> 
@@ -256,8 +257,8 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>privatekey</glossterm> <glossdef> - <para>Pointing to the private key in PEM format, in the certs - directory.</para> + <para>Name of private key file in PEM format, in the + <filename>certs</filename> directory.</para> </glossdef> </glossentry> @@ -265,8 +266,8 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>certificate</glossterm> <glossdef> - <para>Pointing to the certificate file in PEM format, in the - certs directory.</para> + <para>Name of certificate file in PEM format, in the + <filename>certs</filename> directory.</para> </glossdef> </glossentry> @@ -274,9 +275,9 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>auth</glossterm> <glossdef> - <para>Which authentication module to use? Default is: - <filename>auth/login.php</filename> which is the LDAP - authentication module.</para> + <para>Which authentication module to use. Default: + <filename>auth/login.php, </filename>the LDAP authentication + module.</para> </glossdef> </glossentry> </glosslist> @@ -300,8 +301,9 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossdef> <para>Who is authorized to create sessions for this IdP. Can be - login for LDAP login module, or saml2 for SAML 2.0 SP. It is - highly reccomended to set this parameter.</para> + <literal>login</literal> for LDAP login module, or + <literal>saml2</literal> for SAML 2.0 SP. Specifying this + parameter is highly recommended.</para> </glossdef> </glossentry> 
@@ -309,8 +311,8 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>attributemap</glossterm> <glossdef> - <para>An attribute map is a mapping table that translate - attribute names. Read more in the advances features + <para>Mapping table for translating attribute names. For further + information, see the <emphasis>Advances Features</emphasis> document.</para> </glossdef> </glossentry> @@ -319,9 +321,9 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>attributealter</glossterm> <glossdef> - <para>You can implement custom functions that injects or - modifies attributes. Here you can specify an array of such - fuctions. Read more in the advances features document.</para> + <para>Table of custom functions that injects or modifies + attributes. For further information, see the <emphasis>Advances + Features</emphasis> document.</para> </glossdef> </glossentry> </glosslist> @@ -330,8 +332,10 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <section> <title>Fields for signing authentication requests</title> - <para>simpleSAMLphp supports signing the HTTP-REDIRECT LogoutRequest, - but by default it will not sign it. It will use the same + <para>By default, simpleSAMLphp will not sign the HTTP-REDIRECT + LogoutRequest. To activate signing, set the + <literal>request.signing</literal> parameter to + <literal>true</literal>. The signing will use the same privatekey/certificate as used for signing the AuthnResponse.</para> <glosslist> @@ -340,8 +344,7 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossdef> <para>A boolean value, that should be true or false. Default is - false. To turn on signing authentication requests, set this flag - to true.</para> + false.</para> </glossdef> </glossentry> </glosslist> 
@@ -357,8 +360,8 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <section> <title>Configuring SAML 2.0 SP Remote metadata</title> - <para>Here (saml20-sp-remote.php) you configure all SPs that you trust. - Here is an example:</para> + <para>In the file <filename>saml20-sp-remote.php</filename>, you + configure all SPs that you trust. Here is an example:</para> <programlisting>/* * Example simpleSAMLphp SAML 2.0 SP @@ -367,11 +370,11 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt 'AssertionConsumerService' => 'https://saml2sp.example.org/simplesaml/saml2/sp/AssertionConsumerService.php', 'SingleLogoutService' => 'https://saml2sp.example.org/simplesaml/saml2/sp/SingleLogoutService.php', - 'attributes' => array('email', 'eduPersonPrincipalName'), - 'name' => 'Example service provider', + 'attributes' => array('email', 'eduPersonPrincipalName'), + 'name' => 'Example service provider', ),</programlisting> - <para>Here are some details about each of the parameters:</para> + <para>Parameter details:</para> <section> <title>Mandatory metadata fields</title> @@ -381,7 +384,7 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>key (the key of the associative array)</glossterm> <glossdef> - <para>The entity ID of the given SP. Here it is: + <para>Entity ID of the given SP. Here: <literal>saml2sp.example.org</literal>.</para> </glossdef> </glossentry> @@ -390,9 +393,9 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>AssertionConsumerService</glossterm> <glossdef> - <para>The URL of this SAML 2.0 endpoint. Ask the SP if you are - unsure. If the SP sent you SAML 2.0 metadata, you can find the - parameter in there.</para> + <para>URL of this SAML 2.0 endpoint. Ask the SP if you are + uncertain. You may find the endpoint URL in SAML 2.0 metadata + received from the SP.</para> </glossdef> </glossentry> </glosslist> 
@@ -406,9 +409,9 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>SingleLogoutService</glossterm> <glossdef> - <para>The URL of this SAML 2.0 endpoint. Ask the SP if you are - unsure. If the SP sent you SAML 2.0 metadata, you can find the - parameter in there.</para> + <para>URL of this SAML 2.0 endpoint. Ask the SP if you are + uncertain. You may find the endpoint URL in SAML 2.0 metadata + received from the SP.</para> </glossdef> </glossentry> @@ -416,7 +419,8 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>NameIDFormat</glossterm> <glossdef> - <para>Set it to the default: transient.</para> + <para>Set it to the default: + <literal>transient</literal>.</para> </glossdef> </glossentry> @@ -424,8 +428,8 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>SPNameQualifier</glossterm> <glossdef> - <para>The SP NameQualifier for this SP. If not set, the IdP will - set the SPNameQualifier to be the SP entity ID.</para> + <para>SP NameQualifier for this SP. If not set, the IdP will set + the SPNameQualifier to be the SP entity ID.</para> </glossdef> </glossentry> @@ -433,8 +437,9 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>base64attributes</glossterm> <glossdef> - <para>Perform base64 encoding of attributes sent to this - SP.</para> + <para>Boolean, default <literal>false</literal>: Perform base64 + encoding of attributes sent to this SP. This parameter must be + set according to what the SP expects.</para> </glossdef> </glossentry> 
@@ -442,11 +447,13 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>simplesaml.nameidattribute</glossterm> <glossdef> - <para>If the NameIDFormat is set to email, then the email - address will be retrieved from the attribute with this name. In - example, the simplesaml.nameidattribute can be set to uid, and - then the authentcation module sets an attribute with name uid. - The value of this attribute will be set as the NameID.</para> + <para>If the <code>NameIDFormat</code> is set to + <literal>email</literal>, then the email address is extracted + from the attribute with this name. E.g. if + <code>simplesaml.nameidattribute</code> is set to uid, and the + authentcation module provides an attribute named + <code>uid</code>, this attribute value is set as the + NameID.</para> </glossdef> </glossentry> @@ -454,8 +461,8 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>attributemap</glossterm> <glossdef> - <para>An attribute map is a mapping table that translate - attribute names. Read more in the advanced features + <para>Mapping table for translating attribute names. For further + information, see the <emphasis>Advances Features</emphasis> document.</para> </glossdef> </glossentry> @@ -464,9 +471,9 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>attributealter</glossterm> <glossdef> - <para>You can implement custom functions that injects or - modifies attributes. Here you can specify an array of such - fuctions. Read more in the advances features document.</para> + <para>Table of custom functions that injects or modifies + attributes. For further information, see the <emphasis>Advances + Features</emphasis> document.</para> </glossdef> </glossentry> 
@@ -474,8 +481,8 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>simplesaml.attributes</glossterm> <glossdef> - <para>Should an attribute statement be sent to the SP? Default - is <literal>true</literal>.</para> + <para>Boolean, default <literal>true</literal>: Send an + attribute statement to the SP.</para> </glossdef> </glossentry> @@ -483,9 +490,8 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>attributes</glossterm> <glossdef> - <para>An array of attributes that will be sent to the SP. If - this field is not set, the SP will get all attributes available - at the IdP.</para> + <para>Array of attributes sent to the SP. If this field is not + set, the SP receives all attributes available at the IdP.</para> </glossdef> </glossentry> @@ -510,8 +516,8 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>request.signing</glossterm> <glossdef> - <para>A boolean value set to true or false. Defines whether this - IdP should require signed requests from this SP.</para> + <para>Boolean, default <literal>false</literal>. Defines whether + this IdP should require signed requests from this SP.</para> </glossdef> </glossentry> @@ -519,9 +525,9 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <glossterm>certificate</glossterm> <glossdef> - <para>The name of the certificate file used to verify the - signature, if <literal>request.signing</literal> is set to - true.</para> + <para>Name of certificate file for verifying the signature when + <literal>request.signing</literal> is set to + <literal>true</literal>.</para> </glossdef> </glossentry> </glosslist> 
@@ -532,11 +538,12 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <section> <title>Configuring metadata for a Shibboleth 1.3 IdP</title> - <para>You need to configure the <filename>shib13-idp-hosted.php</filename> - metadata, as well as the list of trusted SPs in the - <filename>shib13-sp-remote-php</filename> metadata. This configuration is - very similar to the SAML 2.0 metadata mentioned in the previous section, - so go look there for now.</para> + <para>In the file <filename>shib13-idp-hosted.php</filename>, you + configure metadata for the Shibboleth 1.3 IdP. In the file + <filename>shib13-sp-remote.php</filename>, you configurethe list of + trusted SPs using the Shibboleth 1.3 protocol. This configuration is very + similar to configuring SAML 2.0 metadata; please find information in the + previous chapter.</para> </section> <section> 
@@ -548,18 +555,19 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <tip> <para>To make the initial test up and running with minimal hassle, use the login-auto if you do not want to setup a user storage, and use the - included cert so you do not need to create a new certificate.</para> + included certificate so you do not need to create a new one.</para> </tip> </section> <section> <title>Support</title> - <para>If you have problems to get this work, or want to discuss - simpleSAMLphp with other users of the software you are lucky! Around - simpleSAMLphp there is a great Open source community, and you are welcome - to join! Both for asking question, answer other questions, request - improvements or contribute with code or plugins of your own.</para> + <para>If you need help to make this work, or want to discuss simpleSAMLphp + with other users of the software, you are fortunate: Around simpleSAMLphp + there is a great Open source community, and you are welcome to join! The + forums are open for you to ask questions, contribute answers other further + questions, request improvements or contribute with code or plugins of your + own.</para> <itemizedlist> <listitem> 
@@ -605,21 +613,20 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <section> <title>Authentication API</title> - <para>The authentication plugin should be placed in the auth - directory.</para> + <para>The authentication plugin should be placed in the + <filename>auth</filename> directory.</para> <para>The following parameters must be accepted in the incomming URL:</para> <itemizedlist> <listitem> - <para><literal>RelayState</literal>: This is the URL that the user - should be sent back to after authentication within the - plugin.</para> + <para><literal>RelayState</literal>: URL where the user is sent + after authentication within the plugin.</para> </listitem> <listitem> - <para><literal>RequestID</literal>: This is the ID of an incomming + <para><literal>RequestID</literal>: ID of an incomming request.</para> </listitem> </itemizedlist> -- GitLab
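Review bot: in the @@ -32,16 hunk, subject/verb agreement is still off after the rewrite: "all the required entries ... is showing green light" should read "are showing" (or "show"), and "a installation" in the unchanged context line above should be "an installation". The reordered sentence "By default, SAML 2.0 SP IdP functionality is enabled" is now ambiguous: the removed text said the SAML 2.0 SP functionality is enabled per default, and the programlisting that follows turns it off ('enable.saml20-sp' => false) while enabling the IdP, so say that plainly: the SP is on by default, and the example disables it and enables the IdP.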
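Review bot: in the @@ -53,105 hunk, wrapping the whole glosslist in a paragraph (the "<para><glosslist>" ... "</glosslist></para>" lines) gains nothing and ties the list's rendering to paragraph styling; keep the glosslist as a sibling block as it was. The same hunk carries over several errors a language pass should catch: the login-auto entry still ends mid-sentence ("if you do not have"), "an RADIUS server" should be "a RADIUS server", "automatically login the user" should be "log in", and the enable_tls entry still says "after creation the connectino" (should be "after creating the connection"). Finally, the auth.ldap.attributes entry changes the documented meaning, from "objectclass=* gives you all" to "set this option to null to retrieve all attributes"; that is a behavioural claim, not a wording fix, so confirm it against what auth/login.php actually does before it lands in the docs.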
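Review bot: in the @@ -159,7 hunk, the section title in the context line two lines above the change still reads "multi-LDAP authenticaiton module"; fix the spelling while this hunk is touching the section.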
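Review bot: in the @@ -172,17 hunk, the trailing context line "Here is an examples of openssl commands" is left untouched; "an examples" should be "an example". The rewritten warning is an improvement: it keeps the reason the shipped certificate is unusable in production (the private key is in the package), which is the part administrators need.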
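Review bot: in the @@ -204,8 hunk, "To setup a SAML 2.0 IdP" should be "To set up" (the verb); "setup" is the noun.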
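Review bot: in the @@ -218,18 hunk, the changed 'host', 'privatekey', 'certificate' and 'auth' lines inside the programlisting differ from the originals only in leading whitespace; since programlisting preserves whitespace, this changes the rendered alignment of the example, so either make the indentation uniform across the whole listing or keep these lines out of a language-fix commit. While the 'host' line is being touched: the entry is keyed 'idp.example.org' yet sets 'host' => 'sp.example.org', which contradicts the "Host name of the server running this IdP" description later in the same file; 'idp.example.org' would be the consistent value.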
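Review bot: in the @@ -274,9 hunk, the comma and space have ended up inside the element in "<filename>auth/login.php, </filename>"; move them outside so the file name renders cleanly: "<filename>auth/login.php</filename>, the LDAP authentication module."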
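Review bot: the four glossdef rewrites in the @@ -309,8, @@ -319,9, @@ -454,8 and @@ -464,9 hunks all point to "<emphasis>Advances Features</emphasis>", which misspells the document title; the removed line in the -454 hunk had "advanced features", the correct form. Use "Advanced Features" in all four places, and "functions that inject or modify attributes" (plural agreement) in the two attributealter entries.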
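Review bot: in the @@ -330,8 and @@ -340,8 hunks, after moving the "set request.signing to true" instruction into the introductory paragraph, the remaining glossdef "A boolean value, that should be true or false. Default is false." is tautological; "Boolean, default <literal>false</literal>." matches the style this patch introduces for base64attributes and simplesaml.attributes. Also, the new intro names request.signing as the switch for signing the HTTP-REDIRECT LogoutRequest, while the section title says "signing authentication requests"; make the two agree on what is actually signed.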
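Review bot: in the @@ -367,11 hunk, the 'attributes' and 'name' lines in the programlisting are whitespace-only changes; same concern as for the hosted-IdP listing: programlisting preserves whitespace, so check the rendered alignment or leave the listing out of a language-fix commit.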
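Review bot: in the @@ -433,8 and @@ -510,8 hunks, both rewrites add a documented default ("Boolean, default false") that the removed text never stated, for base64attributes and for request.signing. Defaults are implementation facts, not wording; verify each against the code that reads this metadata before publishing, since an incorrect default for request.signing misstates whether unsigned requests from an SP are accepted by the IdP.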
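Review bot: in the @@ -442,11 hunk, "authentcation" is still misspelled in the new text. Markup within the entry is inconsistent: NameIDFormat and simplesaml.nameidattribute use <code> while the rest of the file uses <literal> for parameter names, "email" is in <literal>, and the first "uid" has no markup while the second is in <code>. Use <literal> throughout and mark both occurrences of uid.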
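Review bot: in the @@ -532,11 hunk, "you configurethe list" is missing a space. Correcting "shib13-sp-remote-php" to "shib13-sp-remote.php" is a genuine fix and should be called out in the commit message. The document is organised in <section> elements, so "previous section" (as the removed text had) is the right reference, not "previous chapter".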
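Review bot: in the @@ -548,18 hunk, "contribute answers other further questions" in the Support paragraph is garbled; "answer other users' questions" reads as intended. In the tip, "login-auto" is left bare; write it as <filename>auth/login-auto.php</filename> as the module list earlier in the file does, and "setup a user storage" should be "set up".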
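Review bot: in the @@ -605,21 hunk, "incomming" is misspelled twice, once in the unchanged "accepted in the incomming URL" line and once in the rewritten RequestID entry ("ID of an incomming request"); both should read "incoming".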