lemonldap-ng/doc/pages/documentation/current/portal.html
Clément Oudot a38386f0cd New doc
2016-10-15 17:57:04 +00:00


<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:portal</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,portal"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="portal.html"/>
<link rel="contents" href="portal.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:portal","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="the_portal">The portal</h1>
<div class="level1">
<p>
The portal is the main component of <abbr title="LemonLDAP::NG">LL::NG</abbr>. It provides many features:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication service</strong> of course</div>
<ul>
<li class="level2"><div class="li"> Web based for normal users:</div>
<ul>
<li class="level3"><div class="li"> using own database (<a href="authldap.html" class="wikilink1" title="documentation:2.0:authldap">LDAP</a>, <a href="authdbi.html" class="wikilink1" title="documentation:2.0:authdbi">SQL</a>, …)</div>
</li>
<li class="level3"><div class="li"> using Apache authentication system (used for <a href="authssl.html" class="wikilink1" title="documentation:2.0:authssl">SSL</a>, <a href="authapache.html" class="wikilink1" title="documentation:2.0:authapache">Kerberos</a>, <a href="authapache.html" class="wikilink1" title="documentation:2.0:authapache">HTTP basic authentication</a>, …)</div>
</li>
<li class="level3"><div class="li"> using external identity provider (<a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a>, <a href="authopenid.html" class="wikilink1" title="documentation:2.0:authopenid">OpenID</a>, <a href="authcas.html" class="wikilink1" title="documentation:2.0:authcas">CAS</a>, <a href="authtwitter.html" class="wikilink1" title="documentation:2.0:authtwitter">Twitter</a>, other <abbr title="LemonLDAP::NG">LL::NG</abbr> system, …)</div>
</li>
<li class="level3"><div class="li"> all together (based on user <a href="authchoice.html" class="wikilink1" title="documentation:2.0:authchoice">choice</a>, <a href="authmulti.html" class="wikilink1" title="documentation:2.0:authmulti">rules</a>, …)</div>
</li>
</ul>
</li>
<li class="level2"><div class="li"> <a href="soapservices.html" class="wikilink1" title="documentation:2.0:soapservices">SOAP based</a> for client-server software, specific development, …</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong>Identity provider</strong>: <abbr title="LemonLDAP::NG">LL::NG</abbr> is able to provide identity service using:</div>
<ul>
<li class="level2"><div class="li"> <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML</a></div>
</li>
<li class="level2"><div class="li"> <a href="idpopenid.html" class="wikilink1" title="documentation:2.0:idpopenid">OpenID</a></div>
</li>
<li class="level2"><div class="li"> <a href="idpcas.html" class="wikilink1" title="documentation:2.0:idpcas">CAS</a></div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong><a href="federationproxy.html" class="wikilink1" title="documentation:2.0:federationproxy">Identity provider proxy</a></strong>: <abbr title="LemonLDAP::NG">LL::NG</abbr> can be used as a proxy translator between systems talking <abbr title="Security Assertion Markup Language">SAML</abbr>, OpenID, <abbr title="Central Authentication Service">CAS</abbr>, …</div>
</li>
<li class="level1"><div class="li"> <strong>Internal SOAP server</strong> used by <a href="soapconfbackend.html" class="wikilink1" title="documentation:2.0:soapconfbackend">SOAP configuration backend</a> and usable for specific development (see <a href="soapservices.html" class="wikilink1" title="documentation:2.0:soapservices">SOAP services</a> for more)</div>
</li>
<li class="level1"><div class="li"> Interactive <strong>management of user passwords</strong>:</div>
<ul>
<li class="level2"><div class="li"> Password change form (in menu)</div>
</li>
<li class="level2"><div class="li"> Self service reset (send a mail to the user with a link to change the password)</div>
</li>
<li class="level2"><div class="li"> Force password change with LDAP password policy password reset flag</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong><a href="portalmenu.html" class="wikilink1" title="documentation:2.0:portalmenu">Application menu</a></strong>: display authorized applications in categories</div>
</li>
<li class="level1"><div class="li"> <strong><a href="notifications.html" class="wikilink1" title="documentation:2.0:notifications">Notifications</a></strong>: prompt users with a message if found in the notification database</div>
</li>
</ul>
</div>
<!-- EDIT1 SECTION "The portal" [1-1598] -->
<h2 class="sectionedit2" id="functioning">Functioning</h2>
<div class="level2">
<p>
The <abbr title="LemonLDAP::NG">LL::NG</abbr> portal is a modular component. It needs 4 modules to work:
</p>
<ul>
<li class="level1"><div class="li"> <a href="start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:2.0:start">Authentication</a>: how to check user credentials</div>
</li>
<li class="level1"><div class="li"> <a href="start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:2.0:start">User database</a>: where to collect user information</div>
</li>
<li class="level1"><div class="li"> <a href="start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:2.0:start">Password database</a>: where to change the password</div>
</li>
<li class="level1"><div class="li"> <a href="start.html#identity_provider" class="wikilink1" title="documentation:2.0:start">Identity provider</a>: how to forward the user identity</div>
</li>
</ul>
<div class="notetip">Each module can be disabled using the <code>Null</code> backend.
</div>
</div>
<!-- EDIT2 SECTION "Functioning" [1599-2145] -->
<h2 class="sectionedit3" id="kinematics">Kinematics</h2>
<div class="level2">
<ol>
<li class="level1"><div class="li"> Check if the requested <abbr title="Uniform Resource Locator">URL</abbr> is valid</div>
</li>
<li class="level1"><div class="li"> Check if the user is already authenticated</div>
<ul>
<li class="level2"><div class="li"> If not authenticated (or authentication is forced), try to find the user (userDB module) and authenticate them (auth module), create the session, calculate groups and macros, and store them. In 1.3, <abbr title="LemonLDAP::NG">LL::NG</abbr> has a captcha feature which is used in this case.</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> Modify the password if asked</div>
</li>
<li class="level1"><div class="li"> Provide identity if asked</div>
</li>
<li class="level1"><div class="li"> Build <a href="ssocookie.html" class="wikilink1" title="documentation:2.0:ssocookie">cookie(s)</a></div>
</li>
<li class="level1"><div class="li"> Redirect the user to the requested <abbr title="Uniform Resource Locator">URL</abbr> or display the menu</div>
</li>
</ol>
<div class="noteclassic">See also <a href="documentation/presentation.html#kinematics" class="wikilink1" title="documentation:presentation">general kinematics presentation</a>.
</div>
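<p>
The six steps above and the four modules from "Functioning", as an added example that is not <abbr title="LemonLDAP::NG">LL::NG</abbr> code: a toy Python model showing the order of the checks and what a disabled (Null) module does to steps 3 and 4. All class names, request fields, the trusted-host list and the sample user are constructed assumptions.
</p>

```python
# Toy model of the portal flow; every name here is hypothetical, not LL::NG's.
import secrets
from urllib.parse import urlsplit

class Null:
    """Disabled module: any hook called on it does nothing and returns None."""
    def __getattr__(self, name):
        return lambda *args, **kwargs: None

class DemoDirectory:  # constructed in-memory backend, plaintext toy data only
    def __init__(self, users):
        self.users = users  # maps uid to {"password": ..., "groups": [...]}
    def find_user(self, uid):
        return self.users.get(uid)
    def authenticate(self, uid, password):
        stored = self.users[uid]["password"]
        return secrets.compare_digest(stored.encode(), password.encode())

class Portal:
    def __init__(self, auth, user_db, password_db, idp, trusted):
        self.auth, self.user_db, self.password_db, self.idp = auth, user_db, password_db, idp
        self.trusted, self.sessions = set(trusted), {}
    def handle(self, req):
        # 1. Validate the requested URL before anything else uses it.
        url = req.get("url") or ""
        parts = urlsplit(url)
        safe = parts.scheme in ("http", "https") and parts.hostname in self.trusted and "\\" not in url
        if url and not safe:
            return {"action": "error", "reason": "untrusted url"}
        # 2. Reuse the session, or find the user and check credentials.
        sid = req.get("cookie")
        if sid not in self.sessions or req.get("force"):
            user = self.user_db.find_user(req.get("user", ""))
            if not user or not self.auth.authenticate(req["user"], req.get("password", "")):
                return {"action": "login_form"}
            sid = secrets.token_hex(16)
            self.sessions[sid] = {"uid": req["user"], "groups": user["groups"]}
        session = self.sessions[sid]
        # 3. Change the password if asked (a Null password database ignores it).
        if req.get("new_password"):
            self.password_db.change_password(session["uid"], req["new_password"])
        # 4. Provide identity if asked (a Null identity provider yields None).
        assertion = self.idp.issue(session) if req.get("idp_request") else None
        # 5 and 6. Build the cookie, then redirect or display the menu.
        action = {"action": "redirect", "to": url} if url else {"action": "menu"}
        return {**action, "cookie": sid, "assertion": assertion}

def demo_portal():
    directory = DemoDirectory({"alice": {"password": "s3cret", "groups": ["staff"]}})  # constructed
    return Portal(directory, directory, Null(), Null(), ["app.example.com"])
```

<p>
Because the URL check runs first, a request carrying an untrusted redirect target is rejected before any credential is examined or any cookie is issued.
</p>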
</div>
<!-- EDIT3 SECTION "Kinematics" [2146-] --></div>
</body>
</html>