<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:securetoken</title>
<meta name="generator" content="DokuWiki" />
<meta name="robots" content="index,follow" />
<meta name="keywords" content="documentation,2.0,securetoken" />
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG" />
<link rel="start" href="securetoken.html" />
<link rel="contents" href="securetoken.html" title="Sitemap" />
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:securetoken","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#virtual_host">Virtual host</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#apache">Apache</a></div></li>
<li class="level3"><div class="li"><a href="#nginx">Nginx</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#handler_parameters">Handler parameters</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="secure_token_handler">Secure Token Handler</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "Secure Token Handler" [1 - 36] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
The Secure Token Handler is a special Handler that creates a token for each request and sends it to the protected application. The real user identifier is stored in a Memcached server, and the protected application can then query the Memcached server to get the user identifier.
</p>
<p>
This mechanism allows <abbr title="Single Sign On">SSO</abbr> on an application when the link between the Handler and the application is unsafe, provided the link with the Memcached server is safe.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [37 - 492] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [493 - 519] -->
<h3 class="sectionedit4" id="virtual_host">Virtual host</h3>
<div class="level3">
</div>
<h4 id="apache">Apache</h4>
<div class="level4">
<p>
Configure the virtual host like any other <a href="configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual host</a>, but use the Secure Token Handler instead of the default Handler.
</p>
<pre class="code file apache">PerlModule Lemonldap::NG::Handler::Specific::SecureToken
&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
    <span class="kw1">ServerName</span> secure.example.com
    <span class="co1"># Load SecureToken Handler</span>
    PerlHeaderParserHandler Lemonldap::NG::Handler::Specific::SecureToken
    ...
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
</div>
<h4 id="nginx">Nginx</h4>
<div class="level4">
<div class="noteclassic">This module uses Apache2 Filter and is not compatible with Nginx.
</div>
</div>
<!-- EDIT4 SECTION "Virtual host" [520 - 1072] -->
<h3 class="sectionedit5" id="handler_parameters">Handler parameters</h3>
<div class="level3">
<p>
SecureToken parameters are the following:
</p>
<ul>
<li class="level1"><div class="li"><strong>Memcached servers</strong>: addresses of Memcached servers, separated by spaces.</div>
</li>
<li class="level1"><div class="li"><strong>Token expiration</strong>: time in seconds for token expiration (removal from the Memcached server).</div>
</li>
<li class="level1"><div class="li"><strong>Attribute to store</strong>: the session key that will be stored in Memcached.</div>
</li>
<li class="level1"><div class="li"><strong>Protected URLs</strong>: regular expressions of the URLs for which the secure token will be sent, separated by spaces.</div>
</li>
<li class="level1"><div class="li"><strong>Header name</strong>: name of the HTTP header carrying the secure token.</div>
</li>
<li class="level1"><div class="li"><strong>Allow requests in error</strong>: allow a request for which token generation failed to be forwarded to the protected application without a secure token (default: yes).</div>
</li>
</ul>
<div class="noteimportant">Due to the Handler <abbr title="Application Programming Interface">API</abbr> change in 1.9, you need to set these attributes in <code>lemonldap-ng.ini</code> and not in the Manager, for example:
<pre class="code file ini"><span class="re0"><span class="br0">[</span>handler<span class="br0">]</span></span>
<span class="re1">secureTokenMemcachedServers</span> <span class="sy0">=</span> <span class="re2">127.0.0.1:11211</span>
<span class="re1">secureTokenExpiration</span> <span class="sy0">=</span> <span class="re2">60</span>
<span class="re1">secureTokenAttribute</span> <span class="sy0">=</span> <span class="re2">uid</span>
<span class="re1">secureTokenUrls</span> <span class="sy0">=</span> <span class="re2">.*</span>
<span class="re1">secureTokenHeader</span> <span class="sy0">=</span> <span class="re2">Auth-Token</span>
<span class="re1">secureTokenAllowOnError</span> <span class="sy0">=</span> <span class="re2">1</span></pre>
</div>
</div>
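<p>
The sketch below is an added example, not code from LemonLDAP::NG: it shows how a protected application could turn the <code>Auth-Token</code> header from the configuration above into a user identifier, and what it should do when the token is missing or expired. It assumes the token is used directly as the Memcached key and that the stored value is the configured attribute; <code>resolve_user</code> and <code>FakeMemcached</code> are hypothetical names and the cache contents are constructed sample data.
</p>

```python
import re

# Assumption: same header name as secureTokenHeader in lemonldap-ng.ini.
TOKEN_HEADER = "Auth-Token"
# Memcached keys are at most 250 bytes with no whitespace or control
# characters; rejecting anything else keeps a malformed header value
# from breaking the framing of the Memcached text protocol.
VALID_KEY = re.compile(r"[\x21-\x7e]{1,250}")


class FakeMemcached:
    """Constructed stand-in for a Memcached client exposing get(key)."""

    def __init__(self, entries):
        self._entries = dict(entries)

    def get(self, key):
        return self._entries.get(key)


def resolve_user(headers, cache):
    """Return the user identifier for a request, or None if the request
    must be treated as unauthenticated."""
    # HTTP header names are case-insensitive.
    lowered = {name.lower(): value for name, value in headers.items()}
    token = lowered.get(TOKEN_HEADER.lower())
    if token is None:
        # With secureTokenAllowOnError = 1 the Handler forwards requests
        # whose token generation failed, so a missing token is expected
        # and must never be mapped to a default user.
        return None
    if not VALID_KEY.fullmatch(token):
        return None
    value = cache.get(token)
    if value is None:
        # Unknown token, or already removed after secureTokenExpiration.
        return None
    return value.decode("utf-8") if isinstance(value, bytes) else value


# Constructed sample data: one live token mapped to a uid.
SAMPLE_CACHE = FakeMemcached({"constructed-token-1": b"jdoe"})
```

<p>
In a deployment, pass a client connected to the servers listed in <code>secureTokenMemcachedServers</code> in place of <code>FakeMemcached</code>.
</p>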
<!-- EDIT5 SECTION "Handler parameters" [1073 - ] --></div>
</body>
</html>