lemonldap-ng/doc/sources/admin/issuerdbget.rst

Get parameters Provider
=======================

Presentation
------------

For application not managing other provider protocols (CAS, OpenID
Connect, SAML,...) it is possible to configure LL::NG as a provider of
GET parameters:

-  An application can call LL::NG portal with a redirection url, such as
   ``http://auth.example.com/get/login?url=base64(application_url)``
-  When computing redirection, LL::NG portal will transmit any GET
   parameter you have configured for this application. (session id for
   example)


.. danger::

    Passing such sensitive information can be dangerous. Using
    other well-known secured protocols is recommended.

There is also the possibility to trigger a logout action by passing the
return url , such as
``http://auth.example.com/get/logout?url=base64(return_url)``

Configuration
-------------

In the Manager, go in ``General Parameters`` » ``Issuer modules`` »
``GET`` and configure:

-  **Activation**: set to ``On``.
-  **Path**: keep ``^/get/`` unless you have change
   :ref:`Apache portal configuration<configlocation-portal>` file.
-  **Use rule**: a rule to allow user to use this module, set to 1 to
   always allow.


.. tip::

    For example, to allow only users with a strong authentication
    level:

    ::

       $authenticationLevel > 2


Then go in ``Get parameters`` to define variables to transmit:

-  Define a new virtual host
-  Declare all get parameters you need. You have access to any
   :doc:`variable or macro<exportedvars>` (but no perl expression).

For example:

::

   "test1.example.com" => {
       "id" => "_session_id",
   }


.. danger::

    In the previous example, \_session_id is quite sensitive,
    thus it is encouraged that the application revalidate \_session_id using
    getCookie() SOAP call to avoid some security problems


.. tip::

    If host is not already registered in virtual hosts, you need
    to declare it in
    :ref:`trusted domains<security-configure-security-settings>` to allow
    redirection
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`Get parameters Provider`
			`=======================`

			`Presentation`
			`------------`

			`For application not managing other provider protocols (CAS, OpenID`
			`Connect, SAML,...) it is possible to configure LL::NG as a provider of`
			`GET parameters:`

			`- An application can call LL::NG portal with a redirection url, such as`
			``http://auth.example.com/get/login?url=base64(application_url)``
			`- When computing redirection, LL::NG portal will transmit any GET`
			`parameter you have configured for this application. (session id for`
			`example)`


doc: fix markup 2020-05-21 15:13:24 +02:00			`.. danger::`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`Passing such sensitive information can be dangerous. Using`
			`other well-known secured protocols is recommended.`

			`There is also the possibility to trigger a logout action by passing the`
			`return url , such as`
			``http://auth.example.com/get/logout?url=base64(return_url)``

			`Configuration`
			`-------------`

			In the Manager, go in ``General Parameters`` » ``Issuer modules`` »
			``GET`` and configure:

			- Activation: set to ``On``.
			- Path: keep ``^/get/`` unless you have change
doc: fix formatting 2020-05-18 09:56:39 +02:00			:ref:`Apache portal configuration<configlocation-portal>` file.
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`- Use rule: a rule to allow user to use this module, set to 1 to`
			`always allow.`


doc: fix formatting 2020-05-18 09:56:39 +02:00			`.. tip::`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`For example, to allow only users with a strong authentication`
			`level:`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`::`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`$authenticationLevel > 2`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00

			Then go in ``Get parameters`` to define variables to transmit:

			`- Define a new virtual host`
			`- Declare all get parameters you need. You have access to any`
			:doc:`variable or macro<exportedvars>` (but no perl expression).

			`For example:`

			`::`

			`"test1.example.com" => {`
			`"id" => "_session_id",`
			`}`


doc: fix markup 2020-05-21 15:13:24 +02:00			`.. danger::`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`In the previous example, \_session_id is quite sensitive,`
			`thus it is encouraged that the application revalidate \_session_id using`
			`getCookie() SOAP call to avoid some security problems`


doc: fix formatting 2020-05-18 09:56:39 +02:00			`.. tip::`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`If host is not already registered in virtual hosts, you need`
doc: fix formatting 2020-05-18 09:56:39 +02:00			`to declare it in`
			:ref:`trusted domains<security-configure-security-settings>` to allow
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`redirection`