Documentation draft

docs/installation/pki/packetfence.asciidoc

@@ -98,3 +98,42 @@ image::packetfence-pki-pki-provider_menu.png[scaledwidth="100%",alt="PKI Provide
 ===== Create a certificate per user or per device mac address, this example will cover one certificate per device:
 
 image::packetfence-pki-pki-provider_creation.png[scaledwidth="100%",alt="PKI Provider"]
+
+
+==== Intune Integration
+
+===== Azure configuration
+
+You can hand out certificates when you use intune enrolment.
+
+First you need to create an application on Azure that allow PacketFence to connect to the Intune API.
+
+To do that first you have to go in Azure portal and App registration then click "New registration"
+
+image::Intune-1-App-Registration.png[scaledwidth="100%",alt="App-Registration"]
+
+Next set a Name and in "Supported account types" select "Accounts in this organizational directory only" then click "Register"
+
+image::Intune-2-Register-Application.png[scaledwidth="100%",alt="Register-Application"]
+
+On the next page you have to copy the "Application (Client) ID" and the "Directory (tenant) ID", thoses will be needed to configure PacketFence.
+
+image::Intune-3-App-Detail.png[scaledwidth="100%",alt="Application-Detail"]
+
+Then you need to generate a "Client secrets", to do that click on "Add a certificate or secret" 
+
+image::Intune-4-App-Certificates-Secrets.png[scaledwidth="100%",alt="App-Certificates-Secrets"]
+
+image::Intune-5-Add-Client-Secret.png[scaledwidth="100%",alt="Add-Client-Secret"]
+
+Copy the "Value" of the secret, this is the only time you should be able to see it.
+
+image::Intune-6-Copy-Client-Secret.png[scaledwidth="100%",alt="Copy-Client-Secret"]
+
+Next you have to add API permissions, click on "API permissions" -> "Add a Permissions" and search for Intune and select "scep_challenge_provider".
+
+image::Intune-7-API-Permissions.png[scaledwidth="100%",alt="API-Permissions"]
+
+Last step is to "Grant admin", just click on "Grant admin consent for ..." and click "Yes"
+
+image::Intune-8-Grant-Admin.png[scaledwidth="100%",alt="Grant-Admin"]

go/caddy/pfpki/cloud/intune.go

@@ -13,7 +13,6 @@ import (
 	"os"
 
 	"github.com/Azure/go-autorest/autorest/adal"
-	"github.com/davecgh/go-spew/spew"
 	"github.com/google/uuid"
 	"github.com/inverse-inc/packetfence/go/caddy/pfpki/certutils"
 	"github.com/inverse-inc/packetfence/go/pfconfigdriver"
@@ -78,7 +77,7 @@ const VALIDATION_URL = "ScepActions/validateRequest"
 const NOTIFY_SUCCESS_URL = "ScepActions/successNotification"
 const NOTIFY_FAILURE_URL = "ScepActions/failureNotification"
 const SERVICE_VERSION_PROP_NAME = VALIDATION_SERVICE_NAME + "Version"
-const PROVIDER_NAME_AND_VERSION_NAME = "PacketFence 10.3"
+const PROVIDER_NAME_AND_VERSION_NAME = "PacketFence"
 
 const intuneAppId = "0000000a-0000-0000-c000-000000000000"
 const intuneResourceUrl = "https://api.manage.microsoft.com/"
@@ -125,8 +124,6 @@ func (cl *Intune) NewCloud(ctx context.Context, name string) {
 	id, err := uuid.NewUUID()
 	cl.TransactionID = id.String()
 
-	spew.Dump(cl)
-
 	spt, err = adal.NewServicePrincipalToken(*oauthConfig, cl.ClientID, cl.ClientSecret, graphResourceUrl)
 
 	err = spt.Refresh()
@@ -185,7 +182,6 @@ func (cl *Intune) NewCloud(ctx context.Context, name string) {
 							apiEndpoint.ObjectId = n.(map[string]interface{})["objectId"].(string)
 							apiEndpoint.ResourceId = n.(map[string]interface{})["resourceId"].(string)
 							apiEndpoint.ObjectType = n.(map[string]interface{})["objectType"].(string)
-							// apiEndpoint.DeletionTimestamp = n.(map[string]interface{})["deletionTimestamp"].(interface{})
 							apiEndpoint.Capability = n.(map[string]interface{})["capability"].(string)
 							apiEndpoint.ServiceId = n.(map[string]interface{})["serviceId"].(string)
 							apiEndpoint.ServiceName = n.(map[string]interface{})["serviceName"].(string)
@@ -265,8 +261,8 @@ func (cl *Intune) SuccessReply(ctx context.Context, cert *x509.Certificate, data
 	}
 	defer resp.Body.Close()
 
-	body, err := ioutil.ReadAll(resp.Body)
-	spew.Dump(body)
+	_, err = ioutil.ReadAll(resp.Body)
+
 	if resp.StatusCode != 200 {
 		return errors.New("Unable to verify the scep request on intune")
 	}
@@ -302,8 +298,7 @@ func (cl *Intune) FailureReply(ctx context.Context, cert *x509.Certificate, data
 		return err
 	}
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
-	spew.Dump(body)
+	_, err = ioutil.ReadAll(resp.Body)
 
 	if resp.StatusCode != 200 {
 		return errors.New("Unable to verify the scep request on intune")

go/caddy/pfpki/models/models.go

@@ -20,7 +20,6 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/davecgh/go-spew/spew"
 	"github.com/fdurand/scep/scep"
 	"github.com/knq/pemutil"
 
@@ -577,7 +576,7 @@ func (c CA) HasCN(cn string, allowTime int, cert *x509.Certificate, revokeOldCer
 		cert := pemUtil.(*x509.Certificate)
 
 		if cert.NotAfter.Unix()-int64((14*24*time.Hour).Seconds()) < time.Now().Unix() {
-			spew.Dump("Need to revoke")
+
 			params := make(map[string]string)
 
 			params["id"] = strconv.Itoa(int(certif.ID))