lemonldap-ng/doc/pages/documentation/current/portal.html
2019-02-12 17:32:02 +01:00

<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:portal</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,portal"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="portal.html"/>
<link rel="contents" href="portal.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:portal","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="the_portal">The portal</h1>
<div class="level1">
<p>
The portal is the main component of <abbr title="LemonLDAP::NG">LL::NG</abbr>. It provides many features:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication service</strong> of course</div>
<ul>
<li class="level2"><div class="li"> Web based for normal users:</div>
<ul>
<li class="level3"><div class="li"> using own database (<a href="authldap.html" class="wikilink1" title="documentation:2.0:authldap">LDAP</a>, <a href="authdbi.html" class="wikilink1" title="documentation:2.0:authdbi">SQL</a>, ...)</div>
</li>
<li class="level3"><div class="li"> using web server authentication system (used for <a href="authssl.html" class="wikilink1" title="documentation:2.0:authssl">SSL</a>, <a href="authapache.html" class="wikilink1" title="documentation:2.0:authapache">Kerberos</a>, <a href="authapache.html" class="wikilink1" title="documentation:2.0:authapache">HTTP basic authentication</a>, ...)</div>
</li>
<li class="level3"><div class="li"> using external identity provider (<a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a>, <a href="authopenid.html" class="wikilink1" title="documentation:2.0:authopenid">OpenID</a>, <a href="authcas.html" class="wikilink1" title="documentation:2.0:authcas">CAS</a>, <a href="authtwitter.html" class="wikilink1" title="documentation:2.0:authtwitter">Twitter</a>, other <abbr title="LemonLDAP::NG">LL::NG</abbr> system, ...)</div>
</li>
<li class="level3"><div class="li"> all together (based on user <a href="authchoice.html" class="wikilink1" title="documentation:2.0:authchoice">choice</a>, <a href="authmulti.html" class="wikilink1" title="documentation:2.0:authmulti">rules</a>, ...)</div>
</li>
</ul>
</li>
<li class="level2"><div class="li"> <a href="soapservices.html" class="wikilink1" title="documentation:2.0:soapservices">SOAP based</a> and <a href="restservices.html" class="wikilink1" title="documentation:2.0:restservices">REST based</a> for client-server software, specific development, ...</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong>Identity provider</strong>: <abbr title="LemonLDAP::NG">LL::NG</abbr> is able to provide identity service using:</div>
<ul>
<li class="level2"><div class="li"> <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML</a></div>
</li>
<li class="level2"><div class="li"> <a href="idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">OpenID Connect</a></div>
</li>
<li class="level2"><div class="li"> <a href="idpcas.html" class="wikilink1" title="documentation:2.0:idpcas">CAS</a></div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong><a href="federationproxy.html" class="wikilink1" title="documentation:2.0:federationproxy">Identity provider proxy</a></strong>: <abbr title="LemonLDAP::NG">LL::NG</abbr> can be used as a proxy translator between systems talking <abbr title="Security Assertion Markup Language">SAML</abbr>, OpenID, <abbr title="Central Authentication Service">CAS</abbr>, ...</div>
</li>
<li class="level1"><div class="li"> <strong>Internal SOAP server</strong> used by <a href="soapconfbackend.html" class="wikilink1" title="documentation:2.0:soapconfbackend">SOAP configuration backend</a> and usable for specific development (see <a href="soapservices.html" class="wikilink1" title="documentation:2.0:soapservices">SOAP services</a> for more)</div>
</li>
<li class="level1"><div class="li"> <strong>Internal REST server</strong> used by <a href="restconfbackend.html" class="wikilink1" title="documentation:2.0:restconfbackend">REST configuration backend</a> and usable for specific development (see <a href="restservices.html" class="wikilink1" title="documentation:2.0:restservices">REST services</a> for more)</div>
</li>
<li class="level1"><div class="li"> Interactive <strong>management of user passwords</strong>:</div>
<ul>
<li class="level2"><div class="li"> Password change form (in menu)</div>
</li>
<li class="level2"><div class="li"> Self service reset (send a mail to the user with a link to change the password)</div>
</li>
<li class="level2"><div class="li"> Force password change with LDAP password policy password reset flag</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong><a href="portalmenu.html" class="wikilink1" title="documentation:2.0:portalmenu">Application menu</a></strong>: display authorized applications in categories</div>
</li>
<li class="level1"><div class="li"> <strong><a href="notifications.html" class="wikilink1" title="documentation:2.0:notifications">Notifications</a></strong>: prompt users with a message if found in the notification database</div>
</li>
</ul>
</div>
<!-- EDIT1 SECTION "The portal" [1-1816] -->
<h2 class="sectionedit2" id="functioning">Functioning</h2>
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> portal is a modular component. It needs 4 modules to work:
</p>
<ul>
<li class="level1"><div class="li"> <a href="start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:2.0:start">Authentication</a>: how to check user credentials</div>
</li>
<li class="level1"><div class="li"> <a href="start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:2.0:start">User database</a>: where to collect user information</div>
</li>
<li class="level1"><div class="li"> <a href="start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:2.0:start">Password database</a>: where to change the password</div>
</li>
<li class="level1"><div class="li"> <a href="start.html#identity_provider" class="wikilink1" title="documentation:2.0:start">Identity provider</a>: how to forward the user identity</div>
</li>
</ul>
<div class="notetip">Each module can be disabled using the <code>Null</code> backend.
</div>
</div>
<!-- EDIT2 SECTION "Functioning" [1817-2363] -->
<h2 class="sectionedit3" id="kinematics">Kinematics</h2>
<div class="level2">
<ol>
<li class="level1"><div class="li"> Check if the requested <abbr title="Uniform Resource Locator">URL</abbr> is valid</div>
</li>
<li class="level1"><div class="li"> Check if the user is already authenticated</div>
<ul>
<li class="level2"><div class="li"> If the user is not authenticated (or authentication is forced), try to find the user (userDB module) and authenticate them (auth module), create the session, ask for a second factor if required, then calculate groups and macros and store them. In 1.3, <abbr title="LemonLDAP::NG">LL::NG</abbr> has a captcha feature, which is used in this case.</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> Modify the password if asked (password module)</div>
</li>
<li class="level1"><div class="li"> Provide identity if asked (IdP module)</div>
</li>
<li class="level1"><div class="li"> Build <a href="ssocookie.html" class="wikilink1" title="documentation:2.0:ssocookie">cookie(s)</a></div>
</li>
<li class="level1"><div class="li"> Redirect the user to the requested <abbr title="Uniform Resource Locator">URL</abbr> or display the menu</div>
</li>
</ol>
<div class="noteclassic">See also <a href="documentation/presentation.html#kinematics" class="wikilink1" title="documentation:presentation">general kinematics presentation</a>.
</div>
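<p>
The steps above, sketched as an added Python example (not LL::NG code): the URL check of step 1 gates the redirect of step 6, and a forced authentication ignores an existing session. The trusted hosts, the user entry, the meaning given to "valid" and all function names are assumptions made for this illustration; second factor, macros and the password and IdP modules are left out.
</p>

```python
import hashlib, hmac, secrets
from urllib.parse import urlsplit

# Constructed sample data. Assumption: a "valid" URL is an absolute http(s)
# URL whose host is one of the applications protected by the portal.
TRUSTED_HOSTS = {"app1.example.com", "app2.example.com"}

def _hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USERS = {"alice": {"pw": _hash("s3cret"), "groups": ["admins"]}}
SESSIONS = {}

def url_is_valid(url):
    """Step 1: refuse anything that could redirect outside trusted hosts."""
    if not url:
        return True  # nothing requested: the menu is displayed in step 6
    # Backslashes and control characters are parsed differently by browsers.
    if any(c == "\\" or ord(c) < 0x21 for c in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and parts.hostname in TRUSTED_HOSTS

def authenticate(login, password):
    """Step 2: find the user, check credentials, create and fill the session."""
    entry = USERS.get(login)                                  # userDB module
    if entry is None or not hmac.compare_digest(entry["pw"], _hash(password or "")):
        return None                                           # auth module
    sid = secrets.token_hex(32)
    SESSIONS[sid] = {"uid": login, "groups": list(entry["groups"])}
    return sid

def portal(url=None, cookie=None, login=None, password=None, force=False):
    """Run the steps in order and return (action, target, session_id)."""
    if not url_is_valid(url):
        return ("error", None, None)
    sid = cookie if cookie in SESSIONS and not force else None
    if sid is None:
        sid = authenticate(login, password)
        if sid is None:
            return ("login_form", url, None)
    # Steps 3 and 4 (password and IdP modules) are left out of this sketch.
    # Step 5: the caller sets sid as the SSO cookie. Step 6 follows.
    return ("redirect", url, sid) if url else ("menu", None, sid)
```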
</div>
<!-- EDIT3 SECTION "Kinematics" [2364-] --></div>
</body>
</html>