The portal is the main component of <abbrtitle="LemonLDAP::NG">LL::NG</abbr>. It provides many features:
</p>
<ul>
<liclass="level1"><divclass="li"><strong>Authentication service</strong> of course</div>
<ul>
<liclass="level2"><divclass="li"> Web based for normal users:</div>
<ul>
<liclass="level3"><divclass="li"> using own database (<ahref="authldap.html"class="wikilink1"title="documentation:2.0:authldap">LDAP</a>, <ahref="authdbi.html"class="wikilink1"title="documentation:2.0:authdbi">SQL</a>, …)</div>
</li>
<liclass="level3"><divclass="li"> using Apache authentication system (used for <ahref="authssl.html"class="wikilink1"title="documentation:2.0:authssl">SSL</a>, <ahref="authapache.html"class="wikilink1"title="documentation:2.0:authapache">Kerberos</a>, <ahref="authapache.html"class="wikilink1"title="documentation:2.0:authapache">HTTP basic authentication</a>, …)</div>
</li>
<liclass="level3"><divclass="li"> using external identity provider (<ahref="authsaml.html"class="wikilink1"title="documentation:2.0:authsaml">SAML</a>, <ahref="authopenid.html"class="wikilink1"title="documentation:2.0:authopenid">OpenID</a>, <ahref="authcas.html"class="wikilink1"title="documentation:2.0:authcas">CAS</a>, <ahref="authtwitter.html"class="wikilink1"title="documentation:2.0:authtwitter">Twitter</a>, other <abbrtitle="LemonLDAP::NG">LL::NG</abbr> system, …)</div>
</li>
<liclass="level3"><divclass="li"> all together (based on user <ahref="authchoice.html"class="wikilink1"title="documentation:2.0:authchoice">choice</a>, <ahref="authmulti.html"class="wikilink1"title="documentation:2.0:authmulti">rules</a>, …)</div>
<liclass="level2"><divclass="li"><ahref="soapservices.html"class="wikilink1"title="documentation:2.0:soapservices">SOAP based</a> and <ahref="restservices.html"class="wikilink1"title="documentation:2.0:restservices">REST based</a>for client-server software, specific development, …</div>
<liclass="level1"><divclass="li"><strong>Identity provider</strong>: <abbrtitle="LemonLDAP::NG">LL::NG</abbr> is able to provide identity service using:</div>
<liclass="level1"><divclass="li"><strong><ahref="federationproxy.html"class="wikilink1"title="documentation:2.0:federationproxy">Identity provider proxy</a></strong>: <abbrtitle="LemonLDAP::NG">LL::NG</abbr> can be used as proxy translator between systems talking <abbrtitle="Security Assertion Markup Language">SAML</abbr>, OpenID, <abbrtitle="Central Authentication Service">CAS</abbr>, …</div>
</li>
<liclass="level1"><divclass="li"><strong>Internal SOAP server</strong> used by <ahref="soapconfbackend.html"class="wikilink1"title="documentation:2.0:soapconfbackend">SOAP configuration backend</a> and usable for specific development (see <ahref="soapservices.html"class="wikilink1"title="documentation:2.0:soapservices">SOAP services</a> for more)</div>
<liclass="level1"><divclass="li"><strong>Internal REST server</strong> used by <ahref="restconfbackend.html"class="wikilink1"title="documentation:2.0:restconfbackend">REST configuration backend</a> and usable for specific development (see <ahref="restservices.html"class="wikilink1"title="documentation:2.0:restservices">REST services</a> for more)</div>
<liclass="level1"><divclass="li"> Interactive <strong>management of user passwords</strong>:</div>
<ul>
<liclass="level2"><divclass="li"> Password change form (in menu)</div>
</li>
<liclass="level2"><divclass="li"> Self service reset (send a mail to the user with a to change the password)</div>
</li>
<liclass="level2"><divclass="li"> Force password change with LDAP password policy password reset flag</div>
</li>
</ul>
</li>
<liclass="level1"><divclass="li"><strong><ahref="portalmenu.html"class="wikilink1"title="documentation:2.0:portalmenu">Application menu</a></strong>: display authorized applications in categories</div>
</li>
<liclass="level1"><divclass="li"><strong><ahref="notifications.html"class="wikilink1"title="documentation:2.0:notifications">Notifications</a></strong>: prompt users with a message if found in the notification database</div>
<abbrtitle="LemonLDAP::NG">LL::NG</abbr> portal is a modular component. It needs 4 modules to work:
</p>
<ul>
<liclass="level1"><divclass="li"><ahref="start.html#authentication_users_and_password_databases"class="wikilink1"title="documentation:2.0:start">Authentication</a>: how check user credentials</div>
</li>
<liclass="level1"><divclass="li"><ahref="start.html#authentication_users_and_password_databases"class="wikilink1"title="documentation:2.0:start">User database</a>: where collect user information</div>
</li>
<liclass="level1"><divclass="li"><ahref="start.html#authentication_users_and_password_databases"class="wikilink1"title="documentation:2.0:start">Password database</a>: where change password</div>
</li>
<liclass="level1"><divclass="li"><ahref="start.html#identity_provider"class="wikilink1"title="documentation:2.0:start">Identity provider</a>: how forward user identity</div>
</li>
</ul>
<divclass="notetip">Each module can be disabled using the <code>Null</code> backend.
<liclass="level1"><divclass="li"> Check if <abbrtitle="Uniform Resource Locator">URL</abbr> asked is valid</div>
</li>
<liclass="level1"><divclass="li"> Check if user is already authenticated</div>
<ul>
<liclass="level2"><divclass="li"> If not authenticated (or authentication is forced) try to find it (userDB module) and to authenticate it (auth module), create session, calculate groups and macros and store them. In 1.3, <abbrtitle="LemonLDAP::NG">LL::NG</abbr> have a captcha feature which is used in this case.</div>
</li>
</ul>
</li>
<liclass="level1"><divclass="li"> Modify password if asked</div>
</li>
<liclass="level1"><divclass="li"> Provides identity if asked</div>
<liclass="level1"><divclass="li"> Redirect user to the asked <abbrtitle="Uniform Resource Locator">URL</abbr> or display menu</div>
</li>
</ol>
<divclass="noteclassic">See also <ahref="documentation/presentation.html#kinematics"class="wikilink1"title="documentation:presentation">general kinematics presentation</a>.