<!DOCTYPE html>
< html lang = "en" dir = "ltr" >
< head >
< meta charset = "utf-8" / >
< title > documentation:2.0:servertoserver< / title >
< meta name = "generator" content = "DokuWiki" / >
< meta name = "robots" content = "index,follow" / >
< meta name = "keywords" content = "documentation,2.0,servertoserver" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "servertoserver.html" / >
< link rel = "contents" href = "servertoserver.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
<!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" > < / script >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else -->
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
<!-- //endif -->
< script type = "text/javascript" > /*<![CDATA[*/ var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:servertoserver","namespace":"documentation:2.0"};
/*!]]>*/< / script >
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script >
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script >
<!-- //endif -->
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.js" > < / script >
<!-- //endif -->
< / head >
< body >
< div class = "dokuwiki export container" >
< h1 class = "sectionedit1" id = "handling_server_webservice_calls" > Handling server webservice calls< / h1 >
< div class = "level1" >
< p >
In modern architectures, a web application may need to call other web applications on behalf of an authenticated user. There are three ways to do this:
< / p >
< ul >
< li class = "level1" > < div class = "li" > the Ugly: provide the < abbr title = "Single Sign On" > SSO< / abbr > cookie to all applications. This is not secure, because the < abbr title = "Single Sign On" > SSO< / abbr > cookie can be captured and reused everywhere, at any time, by anyone! < strong > NOT RECOMMENDED< / strong > . < / div >
< / li >
< li class = "level1" > < div class = "li" > the Bad (< a href = "securetoken.html" class = "wikilink1" title = "documentation:2.0:securetoken" > Secure Token Handler< / a > ): < strong > Deprecated< / strong > . Can be used in specific cases.< / div >
< / li >
< li class = "level1" > < div class = "li" > the Good (Service Token Handler): see below! (Thanks Sergio…)< / div >
< / li >
< / ul >
< p >
The “Bad” method consists of giving the token (cookie value) to webapp1, which uses it as the cookie header in its requests. Since version 2.0, < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > provides a better way (the Good!) to do this, using limited-scope tokens.
< / p >
< p >
Tokens are time-limited (30 seconds) and < abbr title = "Uniform Resource Locator" > URL< / abbr > -restricted (three max).
< / p >
< p >
< a href = "server_to_server.png_documentation_2.0_servertoserver.html" class = "media" title = "documentation:2.0:server_to_server.png" > < img src = "server_to_server.png" class = "media" title = "Kinematic" alt = "Kinematic" / > < / a >
< / p >
< / div >
<!-- EDIT1 SECTION "Handling server webservice calls" [1 - 899] -->
< h2 class = "sectionedit2" id = "webapp1_handler_configuration" > Webapp1 handler configuration< / h2 >
< div class = "level2" >
< p >
Insert a header filled with this value:
< / p >
< pre class = "code file perl" > token< span class = "br0" > ( < / span > < span class = "re0" > $_session_id< / span > < span class = "sy0" > ,< / span > < span class = "st_h" > 'webapp2.example.com'< / span > < span class = "sy0" > ,< / span > < span class = "st_h" > 'webapp3.example.com'< / span > < span class = "br0" > ) < / span > < / pre >
< p >
Webapp1 can read this header and use it in its requests by setting the < code > X-Llng-Token< / code > header. The token is built from the session ID and the list of authorized virtualhosts. It is valid only for 30 seconds and only for the specified virtualhosts.
< / p >
< / div >
<!-- EDIT2 SECTION "Webapp1 handler configuration" [900 - 1328] -->
< h2 class = "sectionedit3" id = "webapp2_handler_configuration" > Webapp2 handler configuration< / h2 >
< div class = "level2" >
< p >
Change the handler type to “ServiceToken”, so that it is able to handle both user and server connections. And that's all!
< / p >
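< p >
Added example, not LL::NG code: a Python model of the limited-scope token described on this page (session ID plus authorized virtualhosts, valid 30 seconds), showing what the issuing side binds together and what the receiving handler must reject. The HMAC-signed format, the shared key and the function names are assumptions for illustration; this page does not specify the actual token format.
< / p >

```python
import base64
import hashlib
import hmac
import time

TOKEN_TTL = 30    # seconds, the lifetime stated on this page
MAX_VHOSTS = 3    # assumption: "three max" read as at most three virtualhosts
KEY = b"constructed-demo-key"   # assumption: secret shared by the handlers

def issue_token(session_id, vhosts, now=None):
    """Webapp1 side: bind issue time, session ID and allowed vhosts together.
    Assumes neither the session ID nor the vhost names contain ':'."""
    if not 1 <= len(vhosts) <= MAX_VHOSTS:
        raise ValueError("token must name between 1 and 3 virtualhosts")
    issued = int(time.time() if now is None else now)
    payload = ":".join([str(issued), session_id, *vhosts]).encode()
    mac = hmac.new(KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac + payload).decode()

def verify_token(token, vhost, now=None):
    """Webapp2 side: return the session ID, or None if the token is rejected."""
    now = time.time() if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:              # binascii.Error is a ValueError subclass
        return None
    mac, payload = raw[:32], raw[32:]
    expected = hmac.new(KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None                 # forged or altered token
    issued, session_id, *vhosts = payload.decode().split(":")
    if not 0 <= now - int(issued) <= TOKEN_TTL:
        return None                 # expired, or issued in the future
    if vhost.lower() not in (v.lower() for v in vhosts):
        return None                 # token is not scoped to this virtualhost
    return session_id
```

< p >
Unlike the < abbr title = "Single Sign On" > SSO< / abbr > cookie, a token captured in transit is useless after 30 seconds and on any virtualhost outside its list.
< / p >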
< / div >
<!-- EDIT3 SECTION "Webapp2 handler configuration" [1329 - ] --> < / div >
< / body >
< / html >