For application not managing other provider protocols (<abbrtitle="Central Authentication Service">CAS</abbr>, OpenID Connect, <abbrtitle="Security Assertion Markup Language">SAML</abbr>,…) it is possible to configure <abbrtitle="LemonLDAP::NG">LL::NG</abbr> as a provider of GET parameters:
</p>
<ul>
<liclass="level1"><divclass="li"> An application can call <abbrtitle="LemonLDAP::NG">LL::NG</abbr> portal with a redirection url, such as <code><ahref="http://auth.example.com/get/login?url=base64"class="urlextern"title="http://auth.example.com/get/login?url=base64"rel="nofollow">http://auth.example.com/get/login?url=base64</a>(application_url)</code></div>
</li>
<liclass="level1"><divclass="li"> When computing redirection, <abbrtitle="LemonLDAP::NG">LL::NG</abbr> portal will transmit any GET parameter you have configured for this application. (session id for example)</div>
There is also the possibility to trigger a logout action by passing the return url , such as <code><ahref="http://auth.example.com/get/logout?url=base64"class="urlextern"title="http://auth.example.com/get/logout?url=base64"rel="nofollow">http://auth.example.com/get/logout?url=base64</a>(return_url)</code>
Then go in <code>Get parameters</code> to define variables to transmit:
</p>
<ul>
<liclass="level1"><divclass="li"> Define a new virtual host</div>
</li>
<liclass="level1"><divclass="li"> Declare all get parameters you need. You have access to any <ahref="exportedvars.html"class="wikilink1"title="documentation:2.0:exportedvars">variable or macro</a> (but no perl expression).</div>
<divclass="notewarning">In the previous example, _session_id is quite sensitive, thus it is encouraged that the application revalidate _session_id using getCookie() SOAP call to avoid some security problems
</div><divclass="notetip">If host is not already registered in virtual hosts, you need to declare it in <ahref="security.html#configure_security_settings"class="wikilink1"title="documentation:2.0:security">trusted domains</a> to allow redirection