The LL::NG portal provides REST endpoints for session management:
Sessions for connected users (used by LLNG Proxy):
Authorizations for connected users (always enabled):
This session backend can be used to share sessions stored in a non-network backend (like file session backend) or in a network backend protected with a firewall that only accepts HTTP flows.
Most of the time, the REST session backend is used by Handlers installed on external servers.
To configure it, set the REST session backend through the Manager in the global configuration (used by all Handlers), and configure the real session backend for local components in lemonldap-ng.ini.
First, activate REST in General parameters » Plugins » Portal servers » REST session server.
Then, set Lemonldap::NG::Common::Apache::Session::REST in General parameters » Sessions » Session storage » Apache::Session module and add the following parameters (case sensitive):
Name | Comment | Example
---|---|---
Required parameters | |
baseUrl | URL of sessions REST end point | http://auth.example.com/index.fcgi/sessions/global
Optional parameters | |
user | Username to use for auth basic mechanism |
password | Password to use for auth basic mechanism |
Access to the sessions REST endpoints must be allowed in the Apache portal configuration (for example, access by IP range):

    # REST/SOAP functions for sessions access (disabled by default)
    <Location /index.fcgi/sessions>
        Require ip 192.168.2.0/24
    </Location>

The real session backend is configured in lemonldap-ng.ini, in the portal section (the portal hosts the REST service for sessions and links REST requests to the real sessions).
For example, if real sessions are stored in files:

    [portal]
    globalStorage = Apache::Session::File
    globalStorageOptions = { 'Directory' => '/var/lib/lemonldap-ng/sessions/', 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/', }

By default, only a few session keys are shared by REST (authenticationLevel, groups, ipAddr, _startTime, _utime, _lastSeen, _session_id). You need to define which other keys you want to share in General parameters » Plugins » Portal servers » SOAP/REST exported attributes.
The value must start with + to keep the default keys; otherwise they will not be shared. For example:

    + uid cn mail

To share only the listed attributes:

    authenticationLevel groups ipAddr _startTime _utime _lastSeen _session_id uid cn mail
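
The effect of the leading + on the exported attributes setting, modelled in Python as an added example (this is not LemonLDAP::NG code). The function names and the sample session, including its `_password` key, are assumptions made for illustration; the default key list is the one given above.

```python
# Added example: models the "SOAP/REST exported attributes" rule described on this page.
# Default keys shared over REST, as listed on this page.
DEFAULT_KEYS = [
    "authenticationLevel", "groups", "ipAddr",
    "_startTime", "_utime", "_lastSeen", "_session_id",
]


def exported_keys(setting):
    """Return the ordered list of session keys shared for a given setting value."""
    text = setting.strip()
    if not text:
        return list(DEFAULT_KEYS)          # nothing configured: defaults only
    keep_defaults = text.startswith("+")
    listed = text.lstrip("+").split()      # accepts "+ uid" and "+uid"
    keys = list(DEFAULT_KEYS) if keep_defaults else []
    for key in listed:
        if key not in keys:                # de-duplicate, preserve order
            keys.append(key)
    return keys


def shared_view(session, setting):
    """Filter a full session down to the keys a REST client would receive."""
    allowed = exported_keys(setting)
    return {k: session[k] for k in allowed if k in session}


def dropped_defaults(setting):
    """Default keys that a setting without a leading '+' stops sharing."""
    allowed = set(exported_keys(setting))
    return [k for k in DEFAULT_KEYS if k not in allowed]


# Constructed sample session (hypothetical values, not real data).
SAMPLE_SESSION = {
    "_session_id": "0123abcd", "_utime": 1700000000, "_startTime": "20231114221320",
    "_lastSeen": 1700000300, "ipAddr": "192.168.2.10", "authenticationLevel": 2,
    "groups": "admins; users", "uid": "dwho", "cn": "Doctor Who",
    "mail": "dwho@example.com", "_password": "constructed-secret",
}

if __name__ == "__main__":
    for setting in ("", "+ uid cn mail", "uid cn mail"):
        print(repr(setting), "->", sorted(shared_view(SAMPLE_SESSION, setting)))
        print("   dropped defaults:", dropped_defaults(setting))
```

Running it shows that `uid cn mail` without the + removes keys such as _session_id and _utime from what remote Handlers receive, while any key not listed stays on the portal side.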