For applications that do not manage other provider protocols (<abbr title="Central Authentication Service">CAS</abbr>, OpenID Connect, <abbr title="Security Assertion Markup Language">SAML</abbr>, …), it is possible to configure <abbr title="LemonLDAP::NG">LL::NG</abbr> as a provider of GET parameters:
</p>
<ul>
<li class="level1"><div class="li"> An application can call the <abbr title="LemonLDAP::NG">LL::NG</abbr> portal with a redirection URL, such as <code><a href="http://auth.example.com/get/login?url=base64" class="urlextern" title="http://auth.example.com/get/login?url=base64" rel="nofollow">http://auth.example.com/get/login?url=base64</a>(application_url)</code></div>
</li>
<li class="level1"><div class="li"> When computing the redirection, the <abbr title="LemonLDAP::NG">LL::NG</abbr> portal will transmit any GET parameter you have configured for this application (the session id, for example).</div>
</li>
</ul>
<p>
It is also possible to trigger a logout action by passing the return URL, such as <code><a href="http://auth.example.com/get/logout?url=base64" class="urlextern" title="http://auth.example.com/get/logout?url=base64" rel="nofollow">http://auth.example.com/get/logout?url=base64</a>(return_url)</code>
</p>
<p>
In the Manager, go to <code>General Parameters</code> » <code>Issuer modules</code> » <code>GET</code> and configure:
</p>
<ul>
<li class="level1"><div class="li"><strong>Activation</strong>: set to <code>Activé</code> (enabled).</div>
</li>
<li class="level1"><div class="li"><strong>Path</strong>: keep <code>^/get/</code> unless you have changed the <a href="configlocation.html#portal" class="wikilink1" title="documentation:2.0:configlocation">Apache portal configuration</a> file.</div>
</li>
<li class="level1"><div class="li"><strong>Use rule</strong>: a rule that authorizes the use of this module; set it to 1 to always allow it.</div>
</li>
</ul>
<div class="notetip">For example, to allow only strongly authenticated users:
</div>
<p>
Then go to <code>Get parameters</code> to define the variables to transmit:
</p>
<ul>
<li class="level1"><div class="li"> Define a new virtual host.</div>
</li>
<li class="level1"><div class="li"> Declare all the GET parameters you need. You have access to any <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">variable or macro</a> (but no Perl expression).</div>
</li>
</ul>
<p>
For example:
</p>
<pre class="code">"test1.example.com" => {
    "id" => "_session_id",
}</pre>
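<p>
An added example (not part of the LL::NG documentation or code base): how an application could build the <code>/get/login</code> and <code>/get/logout</code> URLs described on this page and read the transmitted <code>id</code> parameter without trusting it blindly. The function names, the <code>revalidate</code> hook and the sample session value are assumptions made for illustration; <code>revalidate</code> stands in for the getCookie() SOAP revalidation this page recommends.
</p>

```python
import base64
from urllib.parse import urlencode, urlsplit, parse_qs

PORTAL = "http://auth.example.com"  # portal URL used on this page


def issuer_url(action: str, target_url: str, portal: str = PORTAL) -> str:
    """Build /get/login or /get/logout with url=base64(target_url)."""
    if action not in ("login", "logout"):
        raise ValueError("action must be 'login' or 'logout'")
    b64 = base64.b64encode(target_url.encode("utf-8")).decode("ascii")
    # Standard base64 may contain '+', '/' and '='; urlencode() percent-encodes
    # them so the portal receives exactly the base64 text.
    return f"{portal}/get/{action}?{urlencode({'url': b64})}"


def read_session_id(callback_url: str, revalidate, param: str = "id"):
    """Return the session id from the redirection, or None if it is not usable.

    `revalidate` is a caller-supplied function (hypothetical here) that
    performs the revalidation against LL::NG, e.g. the getCookie() SOAP call.
    """
    values = parse_qs(urlsplit(callback_url).query).get(param, [])
    if len(values) != 1 or not values[0]:
        return None  # missing, empty or duplicated parameter
    session_id = values[0]
    # A GET parameter can be forged or replayed by anyone who can craft a link,
    # so the value is only returned once the portal side has confirmed it.
    return session_id if revalidate(session_id) else None


# Constructed sample data: a fake session store standing in for the portal.
_LIVE = {"constructed-session-0001"}


def fake_revalidate(session_id: str) -> bool:
    return session_id in _LIVE
```
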
<div class="notewarning">In the <code>test1.example.com</code> example above, _session_id is quite sensitive, so the application is encouraged to revalidate _session_id using the getCookie() SOAP call to avoid some security problems.
</div><div class="notetip">If the host is not already registered in the virtual hosts, you need to declare it in <a href="security.html#configure_security_settings" class="wikilink1" title="documentation:2.0:security">trusted domains</a> to allow redirection.