Secure Token Handler

Presentation

The Secure Token Handler is a special Handler that create a token for each request and send it to the protected application. The real user identifier is stored in a Memcached server and the protected application can the request the Memcached server to get user identifier.

This mechanism allow to do SSO on application with an unsafe link between Handler and the application, but with a safe link with the Memcached server.

Configuration

Virtual host in Apache

Configure the virtual host like other protected virtual host but use Secure Token Handler instead of default Handler.

<VirtualHost *:80>
       ServerName secure.example.com
 
       # Load SecureToken Handler
       PerlRequire Lemonldap/NG/Handler/Specific/SecureToken.pm
       PerlHeaderParserHandler Lemonldap::NG::Handler::Specific::SecureToken
 
       ...
 
</VirtualHost>

Handler parameters

Go in Manager, Default parameters » Advanced parameters » Special handlers » Secure Token, and edit the different keys:

Memcached servers: addresses of Memcached servers, separated with spaces.
Token expiration: time in seconds for token expiration (remove from Memcached server).
Attribute to store: the session key that will be stored in Memcached.
Protected URLs: Regexp of URLs for which the secure token will be sent, separated by spaces
Header name: name of the HTTP header carrying the secure token.
Allow requests in error: allow a request that has generated an error in token generation to be forwarded to the protected application without secure token (default: yes)