The portal is the main component of <abbrtitle="LemonLDAP::NG">LL::NG</abbr>. It provides many features:
</p>
<ul>
<liclass="level1"><divclass="li"><strong>Authentication service</strong> of course</div>
<ul>
<liclass="level2"><divclass="li"> Web based for normal users:</div>
<ul>
<liclass="level3"><divclass="li"> using own database (<ahref="authldap.html"class="wikilink1"title="documentation:2.0:authldap">LDAP</a>, <ahref="authdbi.html"class="wikilink1"title="documentation:2.0:authdbi">SQL</a>, …)</div>
<liclass="level3"><divclass="li"> using web server authentication system (used for <ahref="authssl.html"class="wikilink1"title="documentation:2.0:authssl">SSL</a>, <ahref="authapache.html"class="wikilink1"title="documentation:2.0:authapache">Kerberos</a>, <ahref="authapache.html"class="wikilink1"title="documentation:2.0:authapache">HTTP basic authentication</a>, …)</div>
<liclass="level3"><divclass="li"> using external identity provider (<ahref="authsaml.html"class="wikilink1"title="documentation:2.0:authsaml">SAML</a>, <ahref="authopenid.html"class="wikilink1"title="documentation:2.0:authopenid">OpenID</a>, <ahref="authcas.html"class="wikilink1"title="documentation:2.0:authcas">CAS</a>, <ahref="authtwitter.html"class="wikilink1"title="documentation:2.0:authtwitter">Twitter</a>, other <abbrtitle="LemonLDAP::NG">LL::NG</abbr> system, …)</div>
</li>
<liclass="level3"><divclass="li"> all together (based on user <ahref="authchoice.html"class="wikilink1"title="documentation:2.0:authchoice">choice</a>, <ahref="authmulti.html"class="wikilink1"title="documentation:2.0:authmulti">rules</a>, …)</div>
<liclass="level2"><divclass="li"><ahref="soapservices.html"class="wikilink1"title="documentation:2.0:soapservices">SOAP based</a> and <ahref="restservices.html"class="wikilink1"title="documentation:2.0:restservices">REST based</a>for client-server software, specific development, …</div>
<liclass="level1"><divclass="li"><strong>Identity provider</strong>: <abbrtitle="LemonLDAP::NG">LL::NG</abbr> is able to provide identity service using:</div>
<liclass="level1"><divclass="li"><strong><ahref="federationproxy.html"class="wikilink1"title="documentation:2.0:federationproxy">Identity provider proxy</a></strong>: <abbrtitle="LemonLDAP::NG">LL::NG</abbr> can be used as proxy translator between systems talking <abbrtitle="Security Assertion Markup Language">SAML</abbr>, OpenID, <abbrtitle="Central Authentication Service">CAS</abbr>, …</div>
</li>
<liclass="level1"><divclass="li"><strong>Internal SOAP server</strong> used by <ahref="soapconfbackend.html"class="wikilink1"title="documentation:2.0:soapconfbackend">SOAP configuration backend</a> and usable for specific development (see <ahref="soapservices.html"class="wikilink1"title="documentation:2.0:soapservices">SOAP services</a> for more)</div>
<liclass="level1"><divclass="li"><strong>Internal REST server</strong> used by <ahref="restconfbackend.html"class="wikilink1"title="documentation:2.0:restconfbackend">REST configuration backend</a> and usable for specific development (see <ahref="restservices.html"class="wikilink1"title="documentation:2.0:restservices">REST services</a> for more)</div>
<liclass="level1"><divclass="li"> Interactive <strong>management of user passwords</strong>:</div>
<ul>
<liclass="level2"><divclass="li"> Password change form (in menu)</div>
</li>
<liclass="level2"><divclass="li"> Self service reset (send a mail to the user with a to change the password)</div>
</li>
<liclass="level2"><divclass="li"> Force password change with LDAP password policy password reset flag</div>
</li>
</ul>
</li>
<liclass="level1"><divclass="li"><strong><ahref="portalmenu.html"class="wikilink1"title="documentation:2.0:portalmenu">Application menu</a></strong>: display authorized applications in categories</div>
</li>
<liclass="level1"><divclass="li"><strong><ahref="notifications.html"class="wikilink1"title="documentation:2.0:notifications">Notifications</a></strong>: prompt users with a message if found in the notification database</div>
<abbrtitle="LemonLDAP::NG">LL::NG</abbr> portal is a modular component. It needs 4 modules to work:
</p>
<ul>
<liclass="level1"><divclass="li"><ahref="start.html#authentication_users_and_password_databases"class="wikilink1"title="documentation:2.0:start">Authentication</a>: how check user credentials</div>
</li>
<liclass="level1"><divclass="li"><ahref="start.html#authentication_users_and_password_databases"class="wikilink1"title="documentation:2.0:start">User database</a>: where collect user information</div>
</li>
<liclass="level1"><divclass="li"><ahref="start.html#authentication_users_and_password_databases"class="wikilink1"title="documentation:2.0:start">Password database</a>: where change password</div>
</li>
<liclass="level1"><divclass="li"><ahref="start.html#identity_provider"class="wikilink1"title="documentation:2.0:start">Identity provider</a>: how forward user identity</div>
</li>
</ul>
<divclass="notetip">Each module can be disabled using the <code>Null</code> backend.
<liclass="level2"><divclass="li"> If not authenticated (or authentication is forced) try to find it (userDB module) and to authenticate it (auth module), create session, ask for second factor if required, calculate groups and macros and store them. In 1.3, <abbrtitle="LemonLDAP::NG">LL::NG</abbr> has got a captcha feature which is used in this case.</div>
<liclass="level1"><divclass="li"> Redirect user to the asked <abbrtitle="Uniform Resource Locator">URL</abbr> or display menu</div>
</li>
</ol>
<divclass="noteclassic">See also <ahref="documentation/presentation.html#kinematics"class="wikilink1"title="documentation:presentation">general kinematics presentation</a>.