2020-05-14 23:29:41 +02:00
|
|
|
Proxy
|
|
|
|
=====
|
|
|
|
|
|
|
|
============== ===== ========
|
|
|
|
Authentication Users Password
|
|
|
|
============== ===== ========
|
2020-05-18 09:56:39 +02:00
|
|
|
✔ ✔
|
2020-05-14 23:29:41 +02:00
|
|
|
============== ===== ========
|
|
|
|
|
|
|
|
Presentation
|
|
|
|
------------
|
|
|
|
|
2020-06-06 23:50:34 +02:00
|
|
|
LL::NG is able to send (through REST or SOAP) authentication
|
2020-05-14 23:29:41 +02:00
|
|
|
credentials to another LL::NG portal, like a proxy.
|
|
|
|
|
|
|
|
The difference with :doc:`remote authentication<authremote>` is that the
|
|
|
|
client will never be redirect to the main LL::NG portal. This
|
2022-02-12 23:55:06 +01:00
|
|
|
configuration is useful if you want to expose your internal SSO portal
|
2020-05-14 23:29:41 +02:00
|
|
|
to another network (DMZ).
|
|
|
|
|
|
|
|
Configuration
|
|
|
|
-------------
|
|
|
|
|
|
|
|
External portal
|
|
|
|
~~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
In Manager, go in ``General Parameters`` > ``Authentication modules``
|
|
|
|
and choose Proxy for authentication and users.
|
|
|
|
|
|
|
|
Then, go in ``Proxy parameters``:
|
|
|
|
|
2020-06-06 23:50:34 +02:00
|
|
|
- **Authentication level**: authentication level for Proxy module
|
2020-05-14 23:29:41 +02:00
|
|
|
- **Use SOAP instead of REST**: use a deprecated SOAP server instead of
|
|
|
|
a REST one (you must set it if internal portal version is < 2.0). In
|
2020-06-06 23:50:34 +02:00
|
|
|
this case, "Portal URL" parameter must contain SOAP endpoint
|
2020-05-14 23:29:41 +02:00
|
|
|
(generally http://auth.example.com/index.pl/sessions for 1.9 and
|
|
|
|
earlier, http://auth.example.com/sessions for 2.0)
|
2021-09-08 16:41:53 +02:00
|
|
|
- **URL**: URL of internal portal
|
|
|
|
- **Session service URL** (optional): session service URL (default:
|
2021-09-06 10:47:06 +02:00
|
|
|
same as previous for SOAP, same with "/session/my" for REST)
|
2021-09-08 16:41:53 +02:00
|
|
|
- **Choice parameter** (optional): choice parameter of the internal portal if applicable
|
|
|
|
- **Choice value** (optional): value of the choice parameter of the internal portal
|
2022-02-12 23:55:06 +01:00
|
|
|
- **Cookie name** (optional): internal portal cookie name,
|
|
|
|
if different from external portal
|
2021-09-08 16:41:53 +02:00
|
|
|
- **Impersonation** (optional) : can be enabled if the internal portal provides impersonation
|
2020-05-14 23:29:41 +02:00
|
|
|
|
2021-12-21 23:19:57 +01:00
|
|
|
.. note::
|
|
|
|
|
2022-02-12 23:55:06 +01:00
|
|
|
If the internal portal uses :doc:`Choice Authentication<authchoice>`,
|
|
|
|
you have to specify 'Internal portal choice parameter' and
|
|
|
|
'Internal portal choice value' depending on its configuration.
|
|
|
|
This feature needs at least LL::NG version 2.0.14.
|
2021-12-21 23:19:57 +01:00
|
|
|
|
2020-05-14 23:29:41 +02:00
|
|
|
Internal portal
|
|
|
|
~~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
The portal must be configured to accept REST or SOAP authentication
|
2022-02-12 23:55:06 +01:00
|
|
|
requests. See:
|
2020-05-14 23:29:41 +02:00
|
|
|
:doc:`REST server plugin<restservices>` or
|
|
|
|
:doc:`SOAP session backend<soapsessionbackend>` *(deprecated)*.
|
|
|
|
|
|
|
|
SOAP compatibility with 1.9 server
|
|
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
2020-06-06 23:50:34 +02:00
|
|
|
If your Proxy is a 2.0.x and your server is a 1.9.x, you should add this
|
2020-05-14 23:29:41 +02:00
|
|
|
in your lemonldap-ng.ini:
|
|
|
|
|
2020-05-21 15:13:24 +02:00
|
|
|
.. code-block:: ini
|
2020-05-14 23:29:41 +02:00
|
|
|
|
|
|
|
soapProxyUrn = urn:Lemonldap/NG/Common/CGI/SOAPService
|
|
|
|
|
2020-05-21 15:13:24 +02:00
|
|
|
.. attention::
|
2020-05-14 23:29:41 +02:00
|
|
|
|
2021-12-21 23:19:57 +01:00
|
|
|
This feature needs at least LL::NG version 2.0.8
|