dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1efacd1d14
lemonldap-ng/doc/pages/documentation/current/handlerauthbasic.html
Xavier Guimard 8bd7b8077c Update doc
2017-02-28 10:56:59 +00:00

159 lines
6.1 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:handlerauthbasic</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,handlerauthbasic"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="handlerauthbasic.html"/>
<link rel="contents" href="handlerauthbasic.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:handlerauthbasic","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#virtual_host">Virtual host</a></div></li>
<li class="level2"><div class="li"><a href="#nginx">Nginx</a></div></li>
<li class="level2"><div class="li"><a href="#handler_parameters">Handler parameters</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="authbasic_handler">AuthBasic Handler</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "AuthBasic Handler" [1-33] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
The AuthBasic Handler is a special Handler that will us AuthBasic to authenticate to a virtual host, and then play authorizations rules to allow access to the virtual
host.
</p>
<p>
The Handler will send a WWW-Authenticate header to the client, to request user and password, and then check the credentials using REST web service (you must enable REST session service in the manager). When session is granted, the Handler will then check the authorizations like the standard Handler.
</p>
<p>
This can be useful to allow an third party application to access a virtual host with users credentials by sending a Basic challenge to it.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [34-677] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [678-704] -->
<h3 class="sectionedit4" id="virtual_host">Virtual host</h3>
<div class="level3">
<p>
You just have to set “Type: AuthBasic” in the virtualHost options in the manager.
</p>
<p>
If you want to protect only a virtualHost part, keep type on “Main” and set type in your configuration file:
</p>
<ul>
<li class="level1"><div class="li"> Apache: use simply a <code>PerlSetVar VHOSTTYPE AuthBasic</code></div>
</li>
<li class="level1"><div class="li"> Nginx: create another FastCGI with a <code>fastcgi_param VHOSTTYPE = AuthBasic;</code> <em>(and remove error_page 401)</em></div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Virtual host" [705-1095] -->
<h3 class="sectionedit5" id="nginx">Nginx</h3>
<div class="level3">
<p>
Since 1.9.6, LLNG FastCGI server can handle AuthBasic handler. To call it, you just have to add <code>fastcgi_param VHOSTTYPE AuthBasic;</code> in the FastCGI server call and remove <code>error_page 401</code> directive:
</p>
<pre class="file">location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
fastcgi_param VHOSTTYPE AuthBasic;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
location / {
...
##################################
# CALLING AUTHENTICATION #
##################################
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
# Remove this for AuthBasic handler
#error_page 401 $lmlocation;
...
}</pre>
</div>
<!-- EDIT5 SECTION "Nginx" [1096-2119] -->
<h3 class="sectionedit6" id="handler_parameters">Handler parameters</h3>
<div class="level3">
<p>
No parameters needed. But you have to allow sessions web services, see <a href="restsessionbackend.html" class="wikilink1" title="documentation:2.0:restsessionbackend">REST sessions backend</a>.
</p>
</div>
<!-- EDIT6 SECTION "Handler parameters" [2120-] --></div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink