2016-10-15 19:57:54 +02:00
<!DOCTYPE html>
< html lang = "fr" dir = "ltr" >
< head >
< meta http-equiv = "content-type" content = "text/html; charset=UTF-8" >
< meta charset = "utf-8" / >
2017-02-07 17:35:26 +01:00
< title > documentation:2.0:handlerauthbasic< / title > <!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" > < / script >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else --><!-- //endif -->
2016-10-15 19:57:54 +02:00
< meta name = "generator" content = "DokuWiki" / >
< meta name = "robots" content = "index,follow" / >
< meta name = "keywords" content = "documentation,2.0,handlerauthbasic" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "handlerauthbasic.html" / >
< link rel = "contents" href = "handlerauthbasic.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
2017-02-07 17:35:26 +01:00
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
2016-10-15 19:57:54 +02:00
< script type = "text/javascript" > / * < ! [ C D A T A [ * / v a r N S = ' d o c u m e n t a t i o n : 2 . 0 ' ; v a r J S I N F O = { " i d " : " d o c u m e n t a t i o n : 2 . 0 : h a n d l e r a u t h b a s i c " , " n a m e s p a c e " : " d o c u m e n t a t i o n : 2 . 0 " } ;
/*!]]>*/< / script >
2017-02-07 17:35:26 +01:00
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script > <!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script > <!-- //endif --> <!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/lib/scripts/jquery-ui.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/lib/scripts/jquery-ui.js" > < / script > <!-- //endif -->
2016-10-15 19:57:54 +02:00
< / head >
< body >
< div class = "dokuwiki export container" > <!-- TOC START -->
< div id = "dw__toc" >
< h3 class = "toggle" > Table of Contents< / h3 >
< div >
< ul class = "toc" >
< li class = "level1" > < div class = "li" > < a href = "#presentation" > Présentation< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#configuration" > Configuration< / a > < / div >
< ul class = "toc" >
2017-02-22 13:41:23 +01:00
< li class = "level2" > < div class = "li" > < a href = "#virtual_host" > Hôte virtuel< / a > < / div > < / li >
< li class = "level2" > < div class = "li" > < a href = "#nginx" > Nginx< / a > < / div > < / li >
2016-10-15 19:57:54 +02:00
< li class = "level2" > < div class = "li" > < a href = "#handler_parameters" > Paramètres de l'agent< / a > < / div > < / li >
< / ul > < / li >
< / ul >
< / div >
< / div > <!-- TOC END -->
< h1 class = "sectionedit1" id = "authbasic_handler" > Agent AuthBasic< / h1 >
< div class = "level1" >
< / div > <!-- EDIT1 SECTION "AuthBasic Handler" [1 - 33] -->
< h2 class = "sectionedit2" id = "presentation" > Présentation< / h2 >
< div class = "level2" >
< p >
L'agent AuthBasic est un agent spécial qui utilise l'authentification web basique pour authentifier dans un hôte virtuel et qui utilise ensuite les règles d'autorisation pour valider les accès à l'hôte virtuel.
< / p >
< p >
L'agent envoie un en-tête WWW-Authenticate au client pour demander le couple compte-mot-de-passe et ensuite le vérifie en utilisant le service web < a1> SOAP< /a1> getCookies. Lorsque la session est validée, l'agent examine les autorisations comme un agent standard.
< / p >
< p >
Ce peut être pratique pour autoriser une application cliente à accéder à un hôte virtuel avec un authentifiant en envoyant un en-tête basique.
< / p >
< / div > <!-- EDIT2 SECTION "Presentation" [34 - 634] -->
< h2 class = "sectionedit3" id = "configuration" > Configuration< / h2 >
< div class = "level2" >
< / div > <!-- EDIT3 SECTION "Configuration" [635 - 661] -->
< h3 class = "sectionedit4" id = "virtual_host" > Hôte virtuel< / h3 >
< div class = "level3" >
2017-02-22 13:41:23 +01:00
< p >
You just have to set “Type: AuthBasic” in the virtualHost options in the manager.
2016-10-15 19:57:54 +02:00
2017-02-22 13:41:23 +01:00
< / p >
2016-10-15 19:57:54 +02:00
< p >
2017-02-22 13:41:23 +01:00
If you want to protect only a virtualHost part, keep type on “Main” and set type in your configuration file:
2016-10-15 19:57:54 +02:00
< / p >
2017-02-22 13:41:23 +01:00
< ul >
< li class = "level1" > < div class = "li" > Apache: use simply a < code > PerlSetVar VHOSTTYPE AuthBasic< / code > < / div >
< / li >
< li class = "level1" > < div class = "li" > Nginx: create another FastCGI with a < code > fastcgi_param VHOSTTYPE = AuthBasic;< / code > < em > (and remove error_page 401)< / em > < / div >
< / li >
< / ul >
2016-10-15 19:57:54 +02:00
2017-02-22 13:41:23 +01:00
< / div > <!-- EDIT4 SECTION "Virtual host" [662 - 1052] -->
2016-10-15 19:57:54 +02:00
2017-02-22 13:41:23 +01:00
< h3 class = "sectionedit5" id = "nginx" > Nginx< / h3 >
< div class = "level3" >
2016-10-15 19:57:54 +02:00
< p >
2017-02-22 13:41:23 +01:00
Since 1.9.6, LLNG FastCGI server can handle AuthBasic handler. To call it, you just have to add < code > fastcgi_param VHOSTTYPE AuthBasic;< / code > in the FastCGI server call and remove < code > error_page 401< / code > directive:
2016-10-15 19:57:54 +02:00
< / p >
< pre class = "file" > location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
2017-02-22 13:41:23 +01:00
fastcgi_param VHOSTTYPE AuthBasic;
2016-10-15 19:57:54 +02:00
# Ignorer les données postées
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH "";
# Conserver le nom d'hôte original
fastcgi_param HOST $http_host;
# Conserver la requête originale (le serveur LLNG va recevoir /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
location / {
...
######################################
# CALLING AUTHENTICATION #
######################################
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
# Remove this for AuthBasic handler
#error_page 401 $lmlocation;
...
}< / pre >
2017-02-22 13:41:23 +01:00
< / div > <!-- EDIT5 SECTION "Nginx" [1053 - 2076] -->
2016-10-15 19:57:54 +02:00
2017-02-22 13:41:23 +01:00
< h3 class = "sectionedit6" id = "handler_parameters" > Paramètres de l'agent< / h3 >
2016-10-15 19:57:54 +02:00
< div class = "level3" >
< p >
Aucun paramètres n'est requis. Il faut en revanche autoriser le service web des sessions, voir le < a href = "soapsessionbackend.html" class = "wikilink1" title = "documentation:2.0:soapsessionbackend" > backend de sessions SOAP< / a > .
< / p >
2017-02-22 13:41:23 +01:00
< / div > <!-- EDIT6 SECTION "Handler parameters" [2077 - ] -->
2016-10-15 19:57:54 +02:00
< / div >
< / body >
< / html >