2012-02-25 23:45:20 +01:00
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< html xmlns = "http://www.w3.org/1999/xhtml" xml:lang = "en"
lang="en" dir="ltr">
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
< title > < / title >
<!-- metadata -->
< meta name = "generator" content = "Offline" / >
< meta name = "version" content = "Offline 0.1" / >
<!-- style sheet links -->
< link rel = "stylesheet" media = "all" type = "text/css" href = "../../../css/all.css" / >
< link rel = "stylesheet" media = "screen" type = "text/css" href = "../../../css/screen.css" / >
< link rel = "stylesheet" media = "print" type = "text/css" href = "../../../css/print.css" / >
< / head >
< body >
< div class = "dokuwiki export" >
2015-06-08 16:57:58 +02:00
< h1 class = "sectionedit1" id = "slave" > Slave< / h1 >
2012-02-25 23:45:20 +01:00
< div class = "level1" >
2015-06-08 16:57:58 +02:00
< div class = "table sectionedit2" > < table class = "inline" >
< thead >
2012-02-25 23:45:20 +01:00
< tr class = "row0 roweven" >
2015-06-08 16:57:58 +02:00
< th class = "col0 centeralign" > Authentication < / th > < th class = "col1 centeralign" > Users < / th > < th class = "col2 centeralign" > Password < / th >
2012-02-25 23:45:20 +01:00
< / tr >
2015-06-08 16:57:58 +02:00
< / thead >
2012-02-25 23:45:20 +01:00
< tr class = "row1 rowodd" >
< td class = "col0 centeralign" > ✔ < / td > < td class = "col1 centeralign" > ✔ < / td > < td class = "col2" > < / td >
< / tr >
2015-06-08 16:57:58 +02:00
< / table > < / div >
<!-- EDIT2 TABLE [22 - 85] -->
2012-02-25 23:45:20 +01:00
< / div >
2015-06-08 16:57:58 +02:00
<!-- EDIT1 SECTION "Slave" [1 - 85] -->
< h2 class = "sectionedit3" id = "presentation" > Presentation< / h2 >
2012-02-25 23:45:20 +01:00
< div class = "level2" >
< p >
2015-06-08 16:57:58 +02:00
< abbr title = "LemonLDAP::NG" > LL::NG< / abbr > Slave backend relies on HTTP headers to retrieve user login and/or attributes.
2012-02-25 23:45:20 +01:00
< / p >
< ul >
2015-06-08 16:57:58 +02:00
< li class = "level1" > < div class = "li" > Authentication: will check user login in a header and create session without prompting any credentials (but will register client < abbr title = "Internet Protocol" > IP< / abbr > and creation date)< / div >
2012-02-25 23:45:20 +01:00
< / li >
2015-06-08 16:57:58 +02:00
< li class = "level1" > < div class = "li" > Users: collect data transfered in HTTP headers by the “master”.< / div >
2012-02-25 23:45:20 +01:00
< / li >
< / ul >
< p >
2015-06-08 16:57:58 +02:00
It allows to put < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > ::portal behind another web < abbr title = "Single Sign On" > SSO< / abbr > , or behind a SSL hardware to delegate SSL authentication to that hardware.
2012-02-25 23:45:20 +01:00
< / p >
< / div >
2015-06-08 16:57:58 +02:00
<!-- EDIT3 SECTION "Presentation" [86 - 553] -->
< h2 class = "sectionedit4" id = "configuration" > Configuration< / h2 >
2012-02-25 23:45:20 +01:00
< div class = "level2" >
< p >
In Manager, go in < code > General Parameters< / code > > < code > Authentication modules< / code > and choose Slave for authentication or users module.
< / p >
< p >
Then, go in < code > Slave parameters< / code > :
< / p >
< ul >
< li class = "level1" > < div class = "li" > < strong > Authentication level< / strong > : authentication level for this module.< / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > Header for user login< / strong > : header that contains the user main login< / div >
< / li >
2015-06-08 16:57:58 +02:00
< li class = "level1" > < div class = "li" > < strong > Master' s < abbr title = "Internet Protocol" > IP< / abbr > address< / strong > : the < abbr title = "Internet Protocol" > IP< / abbr > addresses of servers which are accredited to authenticate user. This is a security point, to prevent someone to create a session by sending custom headers. You can set one or several < abbr title = "Internet Protocol" > IP< / abbr > addresses, separated by spaces, or let this parameter empty to disable the checking.< / div >
2012-02-25 23:45:20 +01:00
< / li >
2016-02-10 11:17:35 +01:00
< li class = "level1" > < div class = "li" > < strong > Control header name< / strong > : header that contains a value to control. Let this parameter empty to disable the checking.< / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > Control header content< / strong > : value to control. Let this parameter empty to disable the checking.< / div >
< / li >
2012-02-25 23:45:20 +01:00
< / ul >
< p >
2015-06-08 16:57:58 +02:00
You have then to declare HTTP headers exported by the main < abbr title = "Single Sign On" > SSO< / abbr > (in < strong > Exported Variables< / strong > ). Example :
2012-02-25 23:45:20 +01:00
< / p >
2015-06-08 16:57:58 +02:00
< div class = "table sectionedit5" > < table class = "inline" >
< thead >
2012-02-25 23:45:20 +01:00
< tr class = "row0 roweven" >
2015-06-08 16:57:58 +02:00
< th class = "col0 centeralign" > Key (< abbr title = "LemonLDAP::NG" > LL::NG< / abbr > name) < / th > < th class = "col1 centeralign" > Value (HTTP header name) < / th >
2012-02-25 23:45:20 +01:00
< / tr >
2015-06-08 16:57:58 +02:00
< / thead >
2012-02-25 23:45:20 +01:00
< tr class = "row1 rowodd" >
< td class = "col0 centeralign" > uid < / td > < td class = "col1 centeralign" > Auth-User < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 centeralign" > mail < / td > < td class = "col1 centeralign" > User-Email < / td >
< / tr >
2015-06-08 16:57:58 +02:00
< / table > < / div >
2016-02-10 11:17:35 +01:00
<!-- EDIT5 TABLE [1510 - 1612] -->
2014-02-19 16:42:12 +01:00
< p >
2016-03-22 12:19:17 +01:00
See also < a href = "../../documentation/2.0/exportedvars.html" class = "wikilink1" title = "documentation:2.0:exportedvars" > exported variables configuration< / a > .
2014-02-19 16:42:12 +01:00
< / p >
2012-02-25 23:45:20 +01:00
< / div >
2015-06-08 16:57:58 +02:00
< / div > <!-- closes <div class="dokuwiki export"> -->