LimeSurvey is a web survey software written in PHP. LimeSurvey has a webserver authentication mode that allows to integrate it directly into LemonLDAP::NG.
To have a stronger integration, we will configure LimeSurvey to autocreate unknown users and use HTTP headers to fill name, mail and roles. For example, we will use 3 roles:
The configuration is done in config.php:
vi /var/www/html/limesurvey/config.php
//================================== // WebSSO //================================== $useWebserverAuth = true; $WebserverAuth_autocreateUser = true; $WebserverAuth_autouserprofile = Array( 'full_name' => $_SERVER['HTTP_AUTH_CN'], 'email' => $_SERVER['HTTP_AUTH_MAIL'], 'lang' => 'en', 'htmleditormode' => 'inline', 'templatelist' => 'default,basic,MyOrgTemplate', 'create_survey' => $_SERVER['HTTP_AUTH_ADMIN'] || $_SERVER['HTTP_AUTH_SUPERADMIN'], 'create_user' => $_SERVER['HTTP_AUTH_SUPERADMIN'], 'delete_user' => $_SERVER['HTTP_AUTH_SUPERADMIN'], 'superadmin' => $_SERVER['HTTP_AUTH_SUPERADMIN'], 'configurator' => $_SERVER['HTTP_AUTH_SUPERADMIN'], 'manage_template' => $_SERVER['HTTP_AUTH_SUPERADMIN'], 'manage_label' => $_SERVER['HTTP_AUTH_SUPERADMIN'] );
Configure LimeSurvey virtual host like other protected virtual host.
<VirtualHost *:80> ServerName limesurvey.example.com PerlHeaderParserHandler Lemonldap::NG::Handler SetEnvIfNoCase Auth-User "(.*)" PHP_AUTH_USER=$1 Alias /limesurvey /var/www/html/limesurvey DocumentRoot /var/www/html/limesurvey </VirtualHost>
server { listen 80; server_name limesurvey.example.com; root /path/to/application; # Internal authentication request location = /lmauth { internal; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname fastcgi_param HOST $http_host; # Keep original request (LLNG server will received /llauth) fastcgi_param X_ORIGINAL_URI $request_uri; } # Client requests location / { auth_request /lmauth; auth_request_set $lmremote_user $upstream_http_lm_remote_user; auth_request_set $lmlocation $upstream_http_location; error_page 401 $lmlocation; try_files $uri $uri/ =404; ... include /etc/lemonldap-ng/nginx-lua-headers.conf; } location / { try_files $uri $uri/ =404; } }
Go to the Manager and create a new virtual host for LimeSurvey.
Header name | Description |
---|---|
Auth-User | user login |
Auth-Cn | user full name |
Auth-Mail | user email |
Auth-Admin | 1 if user is admin |
Auth-SuperAdmin | 1 if user is superadmin |
Rule name | Expression | Description |
---|---|---|
Logout | action=logout$ | Logout rule (for example logout_app_sso) |
Admin | ^/limesurvey/admin/ | Allow only admin and superadmin roles |
Default | default | Allow only users with a LimeSurvey role |