lemonldap-ng/modules/lemonldap-ng-portal/example/slavePortal.pl
Xavier Guimard 0f1d5ce5cc * Cross Domain Authentication works now.
* An example is now given for using Lemonldap::NG as a slave of another Web-SSO.
2007-02-24 13:30:53 +00:00


#!/usr/bin/perl
=pod
=head1 NON AUTHENTICATING PORTAL TO USE WITH OTHER WEB-SSO
If Lemonldap::NG has to operate with another Web-SSO and no interworking
system is available, Lemonldap::NG can be used as a slave of that SSO.
Install :
=over
=item * Install and adapt this file in an area protected by the master SSO
=item * Use L<Lemonldap::NG::Handler::CDA> to protect the Lemonldap::NG area if
this area is not in the same DNS domain as the portal
=back
Authentication scheme :
=over
=item * when a user wants to access a protected URL, Lemonldap::NG::Handler
redirects him to the portal
=item * the portal creates the Lemonldap::NG session with the parameters given
by the master SSO
=item * the user is redirected to the requested application. If it is not in
the same domain as the portal, the handler retrieves the session id through the
Lemonldap::NG cross-domain-authentication mechanism and generates the cookie
=back
=cut
use strict;
use warnings;
use Lemonldap::NG::Portal::CDA;
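# Build the portal object. Every hook that would normally talk to the user
# (form) or to LDAP is overridden so that the identity asserted by the master
# SSO (here through $ENV{REMOTE_USER}) is taken as already authenticated.
# The PE_OK return codes are expected to be exported by
# Lemonldap::NG::Portal::CDA (the example cannot work otherwise).
my $portal = Lemonldap::NG::Portal::CDA->new( {

    # configStorage ADAPT IT as usual
    configStorage => {
        type    => 'File',
        dirName => '/usr/share/doc/lemonldap-ng/examples/conf/',
    },

    # SUBROUTINES OVERLOAD
    # 2 cases :
    # 1 - If LDAP search is not needed (the master SSO gives all
    #     that we need). To use this case, uncomment the extractFormInfo
    #     below and delete the one of case 2: a Perl hash keeps only the
    #     LAST value given for a key, so listing both would silently
    #     discard this one.
    # extractFormInfo => sub { PE_OK },
    connectLDAP => sub { PE_OK },
    bind        => sub { PE_OK },
    search      => sub { PE_OK },
    setSessionInfo => sub {
        my $self = shift;

        # TODO: You have to set $self->{sessionInfo}
        # hash table with user attributes
        # Example:
        # $self->{sessionInfo}->{uid} = $ENV{REMOTE_USER};
        PE_OK;
    },
    unbind => sub { PE_OK },

    # 2 - Else, LDAP will do its job, but we have to set UID or
    #     what is needed by C<formateFilter> subroutine.
    extractFormInfo => sub {
        my $self = shift;

        # EXAMPLE with $ENV{REMOTE_USER}. This is the trust boundary of the
        # whole setup: REMOTE_USER is only meaningful when this script is
        # reached through the area protected by the master SSO (see the
        # install notes above). If it is empty, the session would be built
        # for no user at all.
        # NOTE(review): consider returning a failure code instead of PE_OK
        # when $ENV{REMOTE_USER} is undefined or empty.
        $self->{user} = $ENV{REMOTE_USER};
        PE_OK;
    },

    # In the 2 cases, authentication phase has to be avoided
    authenticate => sub { PE_OK },

    # If no Lemonldap::NG protected application is in the same domain as
    # the portal, it is recommended not to set a lemonldap cookie in the
    # other domain:
    # Lemonldap::NG::Handler protects its cookie from remote applications
    # (to prevent developers from spoofing an identity), but the master SSO
    # will probably keep it.
    buildCookie => sub {
        my $self = shift;
        $self->{cookie} = $self->cookie(
            -name   => $self->{cookieName},
            # empty value instead of $self->{id}
            -value  => '',
            -domain => $self->{domain},
            -path   => "/",
            -secure => $self->{securedCookie},
            @_,
        );
        PE_OK;
    },
} );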
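# Run the portal. No form is ever shown: process() only chains the hooks
# overridden above and creates the session from what the master SSO gave us.
if ( $portal->process() ) {
    _render_page( $portal, "<h1>Your well authenticated !</h1>" );
}
else {

    # The error text is echoed into the HTML page, so it is escaped first:
    # whatever $portal->error may contain, it must not be interpreted as
    # markup by the browser.
    my $error = _escape_html( $portal->error );
    _render_page( $portal,
            "<h2>Authentication failed</h2>\n"
          . "Portal is not able to recognize you\n"
          . "<br>\n"
          . "Contact your administrator (Error: $error)" );
}

# Emit a complete HTML page (header, <html> prologue, body, epilogue)
# through the portal's CGI methods.
sub _render_page {
    my ( $cgi, $body ) = @_;
    print $cgi->header;
    print $cgi->start_html;
    print $body;
    print $cgi->end_html;
    return;
}

# Escape the characters that are significant in HTML text and attribute
# context. undef is treated as the empty string.
sub _escape_html {
    my $text = shift;
    $text = '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    return $text;
}

1;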