2016-10-15 19:57:04 +02:00
<!DOCTYPE html>
< html lang = "en" dir = "ltr" >
< head >
< meta charset = "utf-8" / >
< title > documentation:2.0:authslave< / title >
< meta name = "generator" content = "DokuWiki" / >
2017-02-22 13:41:23 +01:00
< meta name = "robots" content = "index,follow" / >
2016-10-15 19:57:04 +02:00
< meta name = "keywords" content = "documentation,2.0,authslave" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "authslave.html" / >
< link rel = "contents" href = "authslave.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
2017-02-07 17:35:26 +01:00
<!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" > < / script >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else -->
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
<!-- //endif -->
2016-10-15 19:57:04 +02:00
< script type = "text/javascript" > / * < ! [ C D A T A [ * / v a r N S = ' d o c u m e n t a t i o n : 2 . 0 ' ; v a r J S I N F O = { " i d " : " d o c u m e n t a t i o n : 2 . 0 : a u t h s l a v e " , " n a m e s p a c e " : " d o c u m e n t a t i o n : 2 . 0 " } ;
/*!]]>*/< / script >
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script >
2017-02-07 17:35:26 +01:00
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script >
<!-- //endif -->
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
2018-03-08 13:29:31 +01:00
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.min.js" > < / script >
2017-02-07 17:35:26 +01:00
//else -->
2018-03-08 13:29:31 +01:00
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.js" > < / script >
2017-02-07 17:35:26 +01:00
<!-- //endif -->
2016-10-15 19:57:04 +02:00
< / head >
< body >
< div class = "dokuwiki export container" >
2019-09-23 22:41:16 +02:00
<!-- TOC START -->
< div id = "dw__toc" >
< h3 class = "toggle" > Table of Contents< / h3 >
< div >
< ul class = "toc" >
< li class = "level1" > < div class = "li" > < a href = "#presentation" > Presentation< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#configuration" > Configuration< / a > < / div >
< ul class = "toc" >
< li class = "level2" > < div class = "li" > < a href = "#example" > Example< / a > < / div > < / li >
< / ul > < / li >
< / ul >
< / div >
< / div >
<!-- TOC END -->
2016-10-15 19:57:04 +02:00
< h1 class = "sectionedit1" id = "slave" > Slave< / h1 >
< div class = "level1" >
< div class = "table sectionedit2" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Authentication < / th > < th class = "col1 centeralign" > Users < / th > < th class = "col2 centeralign" > Password < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 centeralign" > ✔ < / td > < td class = "col1 centeralign" > ✔ < / td > < td class = "col2" > < / td >
< / tr >
< / table > < / div >
<!-- EDIT2 TABLE [22 - 85] -->
< / div >
<!-- EDIT1 SECTION "Slave" [1 - 85] -->
< h2 class = "sectionedit3" id = "presentation" > Presentation< / h2 >
< div class = "level2" >
< p >
< abbr title = "LemonLDAP::NG" > LL::NG< / abbr > Slave backend relies on HTTP headers to retrieve user login and/or attributes.
< / p >
< ul >
< li class = "level1" > < div class = "li" > Authentication: will check user login in a header and create session without prompting any credentials (but will register client < abbr title = "Internet Protocol" > IP< / abbr > and creation date)< / div >
< / li >
2019-09-23 22:41:16 +02:00
< li class = "level1" > < div class = "li" > Users: collect data transferred in HTTP headers by the " master" .< / div >
2016-10-15 19:57:04 +02:00
< / li >
< / ul >
< p >
2017-02-07 17:35:26 +01:00
It allows one to put < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > ::portal behind another web < abbr title = "Single Sign On" > SSO< / abbr > , or behind a SSL hardware to delegate SSL authentication to that hardware.
2016-10-15 19:57:04 +02:00
< / p >
< / div >
2019-09-23 22:41:16 +02:00
<!-- EDIT3 SECTION "Presentation" [86 - 559] -->
2016-10-15 19:57:04 +02:00
< h2 class = "sectionedit4" id = "configuration" > Configuration< / h2 >
< div class = "level2" >
< p >
In Manager, go in < code > General Parameters< / code > > < code > Authentication modules< / code > and choose Slave for authentication or users module.
< / p >
< p >
Then, go in < code > Slave parameters< / code > :
< / p >
< ul >
< li class = "level1" > < div class = "li" > < strong > Authentication level< / strong > : authentication level for this module.< / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > Header for user login< / strong > : header that contains the user main login< / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > Master' s < abbr title = "Internet Protocol" > IP< / abbr > address< / strong > : the < abbr title = "Internet Protocol" > IP< / abbr > addresses of servers which are accredited to authenticate user. This is a security point, to prevent someone to create a session by sending custom headers. You can set one or several < abbr title = "Internet Protocol" > IP< / abbr > addresses, separated by spaces, or let this parameter empty to disable the checking.< / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > Control header name< / strong > : header that contains a value to control. Let this parameter empty to disable the checking.< / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > Control header content< / strong > : value to control. Let this parameter empty to disable the checking.< / div >
< / li >
2019-09-23 22:41:16 +02:00
< li class = "level1" > < div class = "li" > < strong > Display authentication logo< / strong > : display Slave logo.< / div >
< / li >
2016-10-15 19:57:04 +02:00
< / ul >
< p >
You have then to declare HTTP headers exported by the main < abbr title = "Single Sign On" > SSO< / abbr > (in < strong > Exported Variables< / strong > ). Example :
< / p >
< div class = "table sectionedit5" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Key (< abbr title = "LemonLDAP::NG" > LL::NG< / abbr > name) < / th > < th class = "col1 centeralign" > Value (HTTP header name) < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 centeralign" > uid < / td > < td class = "col1 centeralign" > Auth-User < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 centeralign" > mail < / td > < td class = "col1 centeralign" > User-Email < / td >
< / tr >
< / table > < / div >
2019-09-23 22:41:16 +02:00
<!-- EDIT5 TABLE [1573 - 1675] -->
< / div >
<!-- EDIT4 SECTION "Configuration" [560 - 1676] -->
< h3 class = "sectionedit6" id = "example" > Example< / h3 >
< div class = "level3" >
< ul >
< li class = "level1" > < div class = "li" > Request with curl ="AuthChoice_with_Slave_and_Secured_cookie_gt/double_cookies_for_a_single_session":< / div >
< / li >
< / ul >
< p >
< strong > Control header name< / strong > : control
< / p >
< p >
< strong > Control header content< / strong > : password
< / p >
< pre class = "code" > curl -k https://127.0.0.1:19876 -H ' CN: dwho' -H ' Host: auth.example.com' -H ' Accept: application/json' -H ' control: password' -d " lmAuth=2_Slave" | json_pp< / pre >
< ul >
< li class = "level1" > < div class = "li" > Response for good authentication:< / div >
< / li >
< / ul >
< pre class = "code javascript" > < span class = "br0" > { < / span >
< span class = "st0" > " result" < / span > < span class = "sy0" > :< / span > < span class = "nu0" > 1< / span > < span class = "sy0" > ,< / span >
< span class = "st0" > " error" < / span > < span class = "sy0" > :< / span > < span class = "nu0" > 0< / span > < span class = "sy0" > ,< / span >
< span class = "st0" > " id_http" < / span > < span class = "sy0" > :< / span > < span class = "st0" > " 5237ce20290d6110915a05d62f52618955b5f71b6dd3424481372ad419a5b122" < / span > < span class = "sy0" > ,< / span >
< span class = "st0" > " id" < / span > < span class = "sy0" > :< / span > < span class = "st0" > " 16fec9bd7a0523328568ca919ee0a6d6e329832f6c302bf36b106db92b5ec23d" < / span >
< span class = "br0" > } < / span > < / pre >
2016-10-15 19:57:04 +02:00
< p >
See also < a href = "exportedvars.html" class = "wikilink1" title = "documentation:2.0:exportedvars" > exported variables configuration< / a > .
< / p >
< / div >
2019-09-23 22:41:16 +02:00
<!-- EDIT6 SECTION "Example" [1677 - ] --> < / div >
2016-10-15 19:57:04 +02:00
< / body >
< / html >