<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:portal</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,portal"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="portal.html"/>
<link rel="contents" href="portal.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:portal","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">

<h1 class="sectionedit1" id="the_portal">The portal</h1>
<div class="level1">

<p>
The portal is the main component of <abbr title="LemonLDAP::NG">LL::NG</abbr>. It provides many features:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication service</strong>, of course</div>
<ul>
<li class="level2"><div class="li"> Web-based for normal users:</div>
<ul>
<li class="level3"><div class="li"> using its own database (<a href="authldap.html" class="wikilink1" title="documentation:2.0:authldap">LDAP</a>, <a href="authdbi.html" class="wikilink1" title="documentation:2.0:authdbi">SQL</a>, …)</div>
</li>
<li class="level3"><div class="li"> using the Apache authentication system (used for <a href="authssl.html" class="wikilink1" title="documentation:2.0:authssl">SSL</a>, <a href="authapache.html" class="wikilink1" title="documentation:2.0:authapache">Kerberos</a>, <a href="authapache.html" class="wikilink1" title="documentation:2.0:authapache">HTTP basic authentication</a>, …)</div>
</li>
<li class="level3"><div class="li"> using an external identity provider (<a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a>, <a href="authopenid.html" class="wikilink1" title="documentation:2.0:authopenid">OpenID</a>, <a href="authcas.html" class="wikilink1" title="documentation:2.0:authcas">CAS</a>, <a href="authtwitter.html" class="wikilink1" title="documentation:2.0:authtwitter">Twitter</a>, another <abbr title="LemonLDAP::NG">LL::NG</abbr> system, …)</div>
</li>
<li class="level3"><div class="li"> all together (based on user <a href="authchoice.html" class="wikilink1" title="documentation:2.0:authchoice">choice</a>, <a href="authmulti.html" class="wikilink1" title="documentation:2.0:authmulti">rules</a>, …)</div>
</li>
</ul>
</li>
<li class="level2"><div class="li"> <a href="soapservices.html" class="wikilink1" title="documentation:2.0:soapservices">SOAP based</a> for client-server software, specific development, …</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong>Identity provider</strong>: <abbr title="LemonLDAP::NG">LL::NG</abbr> can provide identity services using:</div>
<ul>
<li class="level2"><div class="li"> <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML</a></div>
</li>
<li class="level2"><div class="li"> <a href="idpopenid.html" class="wikilink1" title="documentation:2.0:idpopenid">OpenID</a></div>
</li>
<li class="level2"><div class="li"> <a href="idpcas.html" class="wikilink1" title="documentation:2.0:idpcas">CAS</a></div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong><a href="federationproxy.html" class="wikilink1" title="documentation:2.0:federationproxy">Identity provider proxy</a></strong>: <abbr title="LemonLDAP::NG">LL::NG</abbr> can be used as a proxy translator between systems talking <abbr title="Security Assertion Markup Language">SAML</abbr>, OpenID, <abbr title="Central Authentication Service">CAS</abbr>, …</div>
</li>
<li class="level1"><div class="li"> <strong>Internal SOAP server</strong> used by the <a href="soapconfbackend.html" class="wikilink1" title="documentation:2.0:soapconfbackend">SOAP configuration backend</a> and usable for specific development (see <a href="soapservices.html" class="wikilink1" title="documentation:2.0:soapservices">SOAP services</a> for more)</div>
</li>
<li class="level1"><div class="li"> Interactive <strong>management of user passwords</strong>:</div>
<ul>
<li class="level2"><div class="li"> Password change form (in menu)</div>
</li>
<li class="level2"><div class="li"> Self service reset (send a mail to the user with a link to change the password)</div>
</li>
<li class="level2"><div class="li"> Forced password change with the LDAP password policy password reset flag</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong><a href="portalmenu.html" class="wikilink1" title="documentation:2.0:portalmenu">Application menu</a></strong>: display authorized applications in categories</div>
</li>
<li class="level1"><div class="li"> <strong><a href="notifications.html" class="wikilink1" title="documentation:2.0:notifications">Notifications</a></strong>: prompt users with a message if one is found in the notification database</div>
</li>
</ul>

</div>
<!-- EDIT1 SECTION "The portal" [1-1598] -->
<h2 class="sectionedit2" id="functioning">Functioning</h2>
<div class="level2">

<p>
The <abbr title="LemonLDAP::NG">LL::NG</abbr> portal is a modular component. It needs 4 modules to work:
</p>
<ul>
<li class="level1"><div class="li"> <a href="start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:2.0:start">Authentication</a>: how to check user credentials</div>
</li>
<li class="level1"><div class="li"> <a href="start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:2.0:start">User database</a>: where to collect user information</div>
</li>
<li class="level1"><div class="li"> <a href="start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:2.0:start">Password database</a>: where to change the password</div>
</li>
<li class="level1"><div class="li"> <a href="start.html#identity_provider" class="wikilink1" title="documentation:2.0:start">Identity provider</a>: how to forward the user identity</div>
</li>
</ul>
<div class="notetip">Each module can be disabled using the <code>Null</code> backend.
</div>
</div>
<!-- EDIT2 SECTION "Functioning" [1599-2145] -->
<h2 class="sectionedit3" id="kinematics">Kinematics</h2>
<div class="level2">
<ol>
<li class="level1"><div class="li"> Check whether the requested <abbr title="Uniform Resource Locator">URL</abbr> is valid</div>
</li>
<li class="level1"><div class="li"> Check whether the user is already authenticated</div>
<ul>
<li class="level2"><div class="li"> If not authenticated (or authentication is forced), try to find the user (userDB module) and authenticate them (auth module), create the session, compute groups and macros, and store them. In 1.3, <abbr title="LemonLDAP::NG">LL::NG</abbr> has a captcha feature which is used in this case.</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> Modify the password if asked</div>
</li>
<li class="level1"><div class="li"> Provide identity if asked</div>
</li>
<li class="level1"><div class="li"> Build <a href="ssocookie.html" class="wikilink1" title="documentation:2.0:ssocookie">cookie(s)</a></div>
</li>
<li class="level1"><div class="li"> Redirect the user to the requested <abbr title="Uniform Resource Locator">URL</abbr> or display the menu</div>
</li>
</ol>
<div class="noteclassic">See also <a href="documentation/presentation.html#kinematics" class="wikilink1" title="documentation:presentation">general kinematics presentation</a>.
</div>
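<p>
The six steps above, modelled as one request handler with the four module slots passed in. This is an added sketch, not <abbr title="LemonLDAP::NG">LL::NG</abbr> code: every class and function name is hypothetical, and the host allow-list used for step 1 is an assumption about what a "valid" URL means. The <code>Null</code> classes stand in for a disabled password database and identity provider.
</p>

```python
# Added sketch of the portal sequence; not LL::NG code. All names are hypothetical.
import hmac
import secrets
from urllib.parse import urlsplit

TRUSTED_HOSTS = {"app1.example.com"}   # assumption: step 1 uses a host allow-list
USERS = {"alice": {"password": "s3cret", "groups": ["staff"]}}  # constructed demo data
SESSIONS = {}                          # session store: session id -> session data

class DemoUserDB:                      # user database slot
    def find(self, login):
        return USERS.get(login)

class DemoAuth:                        # authentication slot
    def check(self, entry, password):
        return hmac.compare_digest(entry["password"].encode(), password.encode())

class NullPasswordDB:                  # disabled slot: password changes are ignored
    def change(self, uid, new_password):
        return False

class NullIssuer:                      # disabled slot: no identity is forwarded
    def assertion(self, session):
        return None

def url_is_valid(url):
    try:
        parts = urlsplit(url)
        return parts.scheme in ("http", "https") and parts.hostname in TRUSTED_HOSTS
    except ValueError:                 # malformed URL
        return False

def handle(req, userdb, auth, passworddb, issuer):
    url = req.get("url")
    if url is not None and not url_is_valid(url):          # 1. requested URL valid?
        return {"status": "bad_url"}
    sid = req.get("cookie")
    session = SESSIONS.get(sid)
    if session is None or req.get("force"):                # 2. authenticate if needed
        entry = userdb.find(req.get("user", ""))
        if entry is None or not auth.check(entry, req.get("password", "")):
            return {"status": "bad_credentials"}           # same answer for both cases
        sid = secrets.token_hex(16)
        session = SESSIONS[sid] = {"uid": req["user"], "groups": entry["groups"]}
    if "new_password" in req:                              # 3. password change
        passworddb.change(session["uid"], req["new_password"])
    identity = issuer.assertion(session) if req.get("want_identity") else None  # 4.
    return {"status": "ok", "cookie": sid,                 # 5. session cookie
            "identity": identity, "goto": url or "menu"}   # 6. redirect or menu
```

<p>
Because the URL check runs before anything else, a request carrying an untrusted redirect target is rejected whether or not the user already holds a session.
</p>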
</div>
<!-- EDIT3 SECTION "Kinematics" [2146-] --></div>
</body>
</html>