documentation:2.0:issuerdbget

For application not managing other provider protocols (CAS, OpenID Connect, SAML,…) it is possible to configure LL::NG as a provider of GET parameters:

An application can call LL::NG portal with a redirection url, such as http://auth.example.com/get/login?url=base64(application_url)
When computing redirection, LL::NG portal will transmit any GET parameter you have configured for this application. (session id for example)

Passing such sensitive information can be dangerous. Using other well-known secured protocols are advised.

There is also the possibility to trigger a logout action by passing the return url , such as http://auth.example.com/get/logout?url=base64(return_url)

In the Manager, go in General Parameters » Issuer modules » GET and configure:

Activation : mettre à Activé.
Path: keep ^/get/ unless you have change Apache portal configuration file.
Règle d'utilisation : une règle pour autoriser l'usage de ce module, mettre 1 pour toujours l'autoriser.

Par exemple, pour n'autoriser que les utilisateurs authentifiés fortement :

$authenticationLevel > 2

Le module Rewrite d'Apache doit être activé dans la configuration Apache du portail ou dans la configuration du portail Nginx.

Then go in Get parameters to define variables to transmit:

Define a new virtual host
Declare all get parameters you need. You have access to any variable or macro (but no perl expression).

Par exemple :

"test1.example.com" => {
    "id" => "_session_id",
}

In the previous example, _session_id is quite sensitive, thus it is encouraged that the application revalidate _session_id using getCookie() SOAP call to avoid some security problems

If host is not already registered in virtual hosts, you need to declare it in trusted domains to allow redirection

Get parameters Provider

Présentation

Configuration