dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
79bd842424
lemonldap-ng/doc/sources/admin/portal.rst
Christophe Maudoux ccf170ab06 Typos
2022-02-18 22:55:11 +01:00

111 lines
3.7 KiB
ReStructuredText
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

The Portal
==========
The Portal is the main component of LL::NG. It provides many features:
- **Authentication service** of course
- Web based for normal users:
- using own database (:doc:`LDAP<authldap>`, :doc:`SQL<authdbi>`,
...)
- using web server authentication system (used for
:doc:`SSL<authssl>`, :doc:`Kerberos<authapache>`,
:doc:`HTTP basic authentication<authapache>`, ...)
- using external identity provider (:doc:`SAML<authsaml>`,
:doc:`OpenID<authopenid>`, :doc:`CAS<authcas>`,
:doc:`Twitter<authtwitter>`, other LL::NG system, ...)
- all together (based on user :doc:`choice<authchoice>`,
:doc:`rules<authmulti>`, ...)
- :doc:`SOAP based<soapservices>` and
:doc:`REST based<restservices>` for client-server software,
specific development, ...
- **Identity provider**: LL::NG is able to provide identity service
using:
- :doc:`SAML<idpsaml>`
- :doc:`OpenID Connect<idpopenidconnect>`
- :doc:`CAS<idpcas>`
- :doc:`Identity provider proxy<federationproxy>`: LL::NG can be
used as proxy translator between systems talking SAML, OpenID, CAS,
...
- **Internal SOAP server** used by
:doc:`SOAP configuration backend<soapconfbackend>` and usable for
specific development (see :doc:`SOAP services<soapservices>` for
more)
- **Internal REST server** used by
:doc:`REST configuration backend<restconfbackend>` and usable for
specific development (see :doc:`REST services<restservices>` for
more)
- Interactive **management of user passwords**:
- Password change form (in menu)
- Self service reset (send a mail to the user with a to change the
password)
- Force password change with LDAP password policy password reset
flag
- :doc:`Application menu<portalmenu>`: display authorized
applications in categories
- :doc:`Notifications<notifications>`: prompt users with a message
if found in the notification database
- Second factors management
Functioning
-----------
LL::NG portal is a modular component. It needs 4 modules to work:
- :ref:`Authentication<start-authentication-users-and-password-databases>`:
how check user credentials
- :ref:`User database<start-authentication-users-and-password-databases>`:
where collect user information
- :ref:`Password database<start-authentication-users-and-password-databases>`:
where change password
- :ref:`Identity provider<start-identity-provider>`: how forward user
identity
.. tip::
Each module can be disabled using the ``Null`` backend.
Kinematics
----------
#. Check if URL asked is valid
#. Check if user is already authenticated
- If not authenticated (or authentication is forced), try to find
(userDB module) and authenticate him (auth module), collect user data,
compute groups and macros, ask for second factor if required,
create a session and store it. LL::NG affords a captcha feature
which can be enabled.
#. Modify password if asked (password module)
#. Provide identity if asked (IdP module)
#. Build :doc:`cookie(s)<ssocookie>`
#. Redirect user to the asked URL or display dynamic menu
.. note::
See also
:ref:`general kinematics presentation<presentation-kinematics>`.
URL parameters
--------------
Some parameters in URL can change the behavior of the portal:
- **logout**: Launch the logout process (for example: ``logout=1``)
- **tab**: Preselect a tab (Choice or Menu) (for example:
``tab=password``)
- **llnglanguage**: Force lang used to display the page (for example:
``llnglanguage=fr``)
- **setCookieLang**: Update lang cookie to persist the language set
with ``llnglanguage`` parameter (for example: ``setCookieLang=1``)
Reference in New Issue View Git Blame Copy Permalink