Site Administration

Site Administration information

Branch                   Version  First build  Latest build
Long Term Support (LTS)  7.05.12  2019-02-19   2019-06-07
Long Term Support (LTS)  7.08.02  2019-10-02   2019-11-14
Next                     7.08.03  2019-11-07   Today

Long Term Support Versions

Version  Release     Retirement
7.05.12  2019-02-19  2020-01-02
7.08.02  2019-10-02  2021-01-02

Release Versions

Version  Release     Retirement
7.08.01  2019-09-02  2019-10-02
7.06.05  2019-08-02  2019-09-02
7.06.04  2019-07-02  2019-08-02
7.06.03  2019-06-02  2019-07-02
7.06.02  2019-05-02  2019-06-02
7.06.01  2019-04-02  2019-05-02
7.05.13  2019-03-02  2019-04-02

Overview

SAML allows for SSO using the web browser user's credentials.

Noodle Prerequisites

If AD is being used, LDAP users should have already been populated within Noodle.

Quick reference

  1. Save your IdP URL and fingerprint in your SP (Noodle)
  2. Use https://yourNoodle.tld/SAML.po in your IdP settings and Web Browser.

Supported IdPs

OneLogin, Okta, and Azure
Note: Contact us for assistance integrating other IdPs.

Noodle Configuration

In Noodle navigate to “System Tools > Settings > Single Sign-On”

Both the URL and the fingerprint will be supplied by your IdP vendor. Your IdP may provide an XML file which contains the URL and certificate. To convert the certificate into a SHA-1 fingerprint, there are some online SAML tools:

  1. Format Certificate
  2. Calculate Fingerprint

IdP Configuration

Your IdP will require a location to direct SAML responses to; use https://yourNoodle.tld/SAML.po. Noodle will be compatible with the default settings of most IdPs.

OneLogin

  1. Navigate to "Administration > Applications > Add App"
  2. Search for "SAML Test Connector (IdP)"
  3. Settings tabs
    • Info (all optional)
    • Configuration
      • ACS (Consumer) URL Validator = .*
      • ACS (Consumer) URL = https://yourNoodle.tld/SAML.po
      • the rest can be left blank
    • Parameters
      • Configured by admin
        • NameID (fka Email) = Email
    • Rules (all optional)
    • SSO
      • X.509 Certificate = 2048-bit
        • View details will show the fingerprint
      • SAML Signature Algorithm = SHA-1
      • SAML 2.0 Endpoint (HTTP)
        • This is the URL to save in Noodle
    • Access (all optional)
    • Users (make sure you add some)
    • Privileges (all optional)

  • Average number of logins per day
  • Application usage
  • Number of Logins per user
  • Index Queue
  • Error Codes
  • User Activity
  • Page Hits
  • Item Views
  • User IPs
  • User Time
  • Storage Space Occupied
  • Shared Folders
  • Large Files
  • Home Folders

Some intermediate servers (proxy/gateway/firewall/router/etc.) will answer a request from the browser on behalf of the server. If this happens frequently and you are unable to change the intermediate server to avoid this (supporting 2-minute connections is a good start), you can use:

top.noodle.ajax.ignoreMasquerading=true;

Use that as a last resort, as it can cause further UI interference.

mailto has no defined limit on the number of characters, but there are limits in practice (as of 2015).

Web Browsers:

  • Apple Safari
    • 705000000
    • Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56
    • limited by 16GB RAM
  • Mozilla Firefox
    • 268435455
    • Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0
    • limited by maximum string length
  • Google Chrome
    • 2097132
    • Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
    • limited without explanation
  • Microsoft Internet Explorer
    • 2029
    • Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko
    • limited without explanation

Email Clients:

  • Mozilla Thunderbird
    • 2097132 works in 1 second
    • 268435455 uses 100% CPU for 2 minutes but fails to render the body and is not usable
    • version 38.3.0
  • SeaMonkey
    • 2097132 works in 5 seconds
    • 268435455 uses 100% CPU for a long time (more than 5 minutes)
    • version 2.38
  • Apple Mail
    • 500000 works in 14 seconds
    • 2097132 uses 100% CPU for a long time (more than 5 minutes)
    • version 8.2
  • Microsoft Outlook
    • trims any URL to 2070 in 1 second
    • version 2013

There is a Microsoft Office bug (2019105) that will attempt WebDAV Windows authentication from non-WebDAV links. To work around this bug, the server can specify the "Content-Disposition" header as an "attachment" (requesting that the browser save the file instead of opening it). Microsoft Internet Explorer will still ask if you want to open the file but will not attempt WebDAV. When making links with ShowItemData.po, use the "download" parameter in place of the "filename" parameter. For example:

/ShowItemData.po?handle=123&download=file.ext

How to make "Reports to" default to nothing or a selected user instead of the current user
This code can be added to a re-writer to select no manager by default:

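// Only on UserDetails.po when no user= parameter is present:
// select the first entry of the "Reports to" list.
if(url.indexOf("UserDetails.po")>-1 && url.indexOf("user=")<0){
  doc.getElementById("users_MANAGER").selectedIndex=0;
}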

If someone tries to brute-force passwords, their IP will be blacklisted.

  • The IP will be denied access, then un-listed after 24 hours
  • This can be immediately cleared by restarting the Noodle service
  • The feature may be disabled or specific whitelisting entries added from the System Settings > Security section
  • The default threshold (20 failures per minute) may be adjusted via the BlackList.PerMinuteThreshold option in intranet.conf.
  • One NATed IPv4 user can get many users blacklisted due to the shared IP. IPv6 or internal monitoring are the only ways to prevent that without disabling blacklisting.
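
A model of the threshold described above, run over constructed failed-login events, showing how a NATed address with several users reaches the limit just like a single source does. This is an added example, not Noodle's implementation; the sliding 60-second window, the event tuple format and the whitelist as a set of IPs are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 20                  # page default for BlackList.PerMinuteThreshold
WINDOW = timedelta(minutes=1)   # assumption: "per minute" as a sliding window


def flag_ips(events, whitelist=frozenset(), threshold=THRESHOLD):
    """events: (timestamp, ip, username) tuples for failed logins, in time order.
    Returns {ip: {"first_hit": ts, "users": set}} for IPs reaching the threshold."""
    recent = defaultdict(deque)   # per-IP failure timestamps inside the window
    users = defaultdict(set)      # per-IP distinct usernames seen failing
    flagged = {}
    for ts, ip, user in events:
        if ip in whitelist:
            continue
        users[ip].add(user)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= WINDOW:   # drop failures older than one minute
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = {"first_hit": ts, "users": users[ip]}
    return flagged


def sample_events():
    """Constructed failed-login events using documentation-range IPs."""
    t0 = datetime(2019, 11, 7, 9, 0, 0)
    ev = []
    for i in range(20):   # NATed office: 5 users, 4 failures each, over 38 s
        ev.append((t0 + timedelta(seconds=2 * i), "203.0.113.10", "user%d" % (i % 5)))
    for i in range(25):   # one source, one account, 25 failures in 25 s
        ev.append((t0 + timedelta(seconds=i), "198.51.100.7", "admin"))
    for i in range(3):    # occasional typo, stays far below the threshold
        ev.append((t0 + timedelta(seconds=10 * i), "192.0.2.5", "carol"))
    return sorted(ev)


if __name__ == "__main__":
    for ip, info in flag_ips(sample_events()).items():
        print(ip, info["first_hit"].time(), "distinct users:", len(info["users"]))
```

The distinct-user count per flagged IP is the figure to look at before adding a whitelisting entry: it separates a shared address from a single account being hammered, but it does not by itself show that the traffic behind a shared address is benign.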

  1. Use a mobile device that is not restrictive (LineageOS is recommended) or at least permits the installation of Google Chrome.
  2. Install Google Chrome.
  3. Open Noodle (SSL must be used).
  4. Log in.
  5. View Messages, and click subscribe.
  6. Use a desktop browser to create and fill in the push URL setting.
  7. Push subscribe with your mobile again, and now when someone sends you an instant message you will be notified. Notifications will also show up on smart watches.

Emails can be sent in the following 5 ways:

  • Subscriptions (per user)
    • My Profile > Edit > What's New > Subscription
    • System Tools > People > [USER] > What's New > Subscription
  • Auto notifications (per folder)
    • Administration > Auto Notification
    • (supported folder application types only)
  • Workflow (per folder)
    • Workflow Tab
    • (supported folder application types only)
  • Memo manager (per site)
    • System application
  • Notification (any item or folder)
    • any user can notify any other user of any item
  • Health warnings